General
Target: emo.doc
Size: 205KB
Sample: 230530-wh5l2sbd5v
MD5: 3079af4d01ee6ec51bd3d9911da7e23f
SHA1: 3ea711d020b52fb0490c359462451d4edd471e33
SHA256: c578a9fc241658517a7346a2a60236c84f0bb4919b857db226150aab4093451e
SHA512: 4bfd70a75f7dc51439d6bd0a4ec083ca9ced847de7cdf242e6583b0c5c71ebba4df6d5c7781ecfe6213fce8b0f6446b6630d353c2038e6687cc18a559d537535
SSDEEP: 3072:evt3BDbKRPJivKie6B/w2yiWydh+bRevf1+l:evdlbKRPJiP/w2PCx
Behavioral task: behavioral1
Sample: emo.doc
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: emo.doc
Resource: win10v2004-20230221-en
Malware Config
Extracted
Targets
Target: emo.doc
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Drops file in System32 directory