General
-
Target
cd05631f476c7599f54d6a276fe8a3383ba6b7f153034db138503b71513945b6
-
Size
12KB
-
Sample
240522-xw9ctsdc99
-
MD5
7eef05a09734d3716ab632ea88485d7b
-
SHA1
b41e0f20958206601f27dd8ac7ba6ca1a704f62b
-
SHA256
cd05631f476c7599f54d6a276fe8a3383ba6b7f153034db138503b71513945b6
-
SHA512
0b81df9eb1d4da5688ed7cbf1724c43aa24114a47e57ae781eb5f613de7f63ac7768b614492afdb3f9ec25a3029347acff8e5cdb091f95f34168bdc7d6a61f4d
-
SSDEEP
192:vZZL29RBzDzeobchBj8JONlONKyQru+rEPEjr7Ahy:H29jnbcvYJO2au+vr7Cy
Malware Config
Extracted
Targets
-
-
Target
cd05631f476c7599f54d6a276fe8a3383ba6b7f153034db138503b71513945b6
-
Size
12KB
-
MD5
7eef05a09734d3716ab632ea88485d7b
-
SHA1
b41e0f20958206601f27dd8ac7ba6ca1a704f62b
-
SHA256
cd05631f476c7599f54d6a276fe8a3383ba6b7f153034db138503b71513945b6
-
SHA512
0b81df9eb1d4da5688ed7cbf1724c43aa24114a47e57ae781eb5f613de7f63ac7768b614492afdb3f9ec25a3029347acff8e5cdb091f95f34168bdc7d6a61f4d
-
SSDEEP
192:vZZL29RBzDzeobchBj8JONlONKyQru+rEPEjr7Ahy:H29jnbcvYJO2au+vr7Cy
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-