General
-
Target
list-20200820-0087792.doc
-
Size
238KB
-
Sample
230630-p4f29adg6v
-
MD5
835f29dac8723760261ebf8bf69906fc
-
SHA1
be3b3e10bc6d68afbe3995a5b11cf655f769adb8
-
SHA256
739d1a0cb32d1185c3a29e2fdba23d010d6f89076810095357750c6960ddbfd4
-
SHA512
2e96baeddfb2e118831b4577fa171d6c3329c7aa7cf1fb461bea894a13fa54931532602b9d38c2a0c7098e919bc768ab72318f254ad88f5f147f34183696cee9
-
SSDEEP
3072:Aj6yw1MgpQiBhGWb6esLbTh8YuyDRBFtdfGkZ6QLtt7gawog:AHgtEWPsL/aTyT9GkxT7gawog
Malware Config
Extracted
https://www.yikeyuedu.com/wp-includes/Zf/
https://ywqzz.com/wp-includes/U/
https://masteringroi.com/roiroi/theme/60/
http://dootnaturals.com/wp-content/Xq/
https://colco-seminare.de/WordPress_05/H/
http://bautech-nickels.de/angebote/9/
http://conceptis.de/cgi-bin/m/
Targets
-
-
Target
list-20200820-0087792.doc
-
Size
238KB
-
MD5
835f29dac8723760261ebf8bf69906fc
-
SHA1
be3b3e10bc6d68afbe3995a5b11cf655f769adb8
-
SHA256
739d1a0cb32d1185c3a29e2fdba23d010d6f89076810095357750c6960ddbfd4
-
SHA512
2e96baeddfb2e118831b4577fa171d6c3329c7aa7cf1fb461bea894a13fa54931532602b9d38c2a0c7098e919bc768ab72318f254ad88f5f147f34183696cee9
-
SSDEEP
3072:Aj6yw1MgpQiBhGWb6esLbTh8YuyDRBFtdfGkZ6QLtt7gawog:AHgtEWPsL/aTyT9GkxT7gawog
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-