General
-
Target
3ef3c9d76fe7e5dd9ac6ce8c0cbdcefec0c702f58e927ad5c3b16463933235eb
-
Size
12KB
-
Sample
240522-xwllrsdb81
-
MD5
04c57a110cfba2e4d07ba93ae3813766
-
SHA1
c971c2b16d778b044a79dc92edaefd8d13c0b81f
-
SHA256
3ef3c9d76fe7e5dd9ac6ce8c0cbdcefec0c702f58e927ad5c3b16463933235eb
-
SHA512
e783e5a0cd7b4db2c6c3a17331b876a20f16890bb5d5839fdf3cd73e565c45792422180135a0fdab18379da305dd1a095b5ac2df71e01e7318f14769fecd1907
-
SSDEEP
192:iL29RBzDzeobchBj8JONmONlJrugrEPEjr7AhsG:829jnbcvYJO/9ugvr7Cd
Malware Config
Extracted
Targets
-
-
Target
3ef3c9d76fe7e5dd9ac6ce8c0cbdcefec0c702f58e927ad5c3b16463933235eb
-
Size
12KB
-
MD5
04c57a110cfba2e4d07ba93ae3813766
-
SHA1
c971c2b16d778b044a79dc92edaefd8d13c0b81f
-
SHA256
3ef3c9d76fe7e5dd9ac6ce8c0cbdcefec0c702f58e927ad5c3b16463933235eb
-
SHA512
e783e5a0cd7b4db2c6c3a17331b876a20f16890bb5d5839fdf3cd73e565c45792422180135a0fdab18379da305dd1a095b5ac2df71e01e7318f14769fecd1907
-
SSDEEP
192:iL29RBzDzeobchBj8JONmONlJrugrEPEjr7AhsG:829jnbcvYJO/9ugvr7Cd
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-