General
-
Target
d247fc1438ce9ab6f78351bcef3c347acaa9b1591be992e49162916a27d0146f
-
Size
12KB
-
Sample
240522-zamm2sff29
-
MD5
e99a2438e6a578df91082d4f5df91b20
-
SHA1
1eac9032940b00e58da63926d3ee7555ac7e2da7
-
SHA256
d247fc1438ce9ab6f78351bcef3c347acaa9b1591be992e49162916a27d0146f
-
SHA512
9eead575cafe579c51d97f15b715d4daf27879adeb9c2cb203452f6a5323b38e5bda223a97a91e9c8763ac1b785f4cf0749a1b26e4d1236c9beb66de4c2c208f
-
SSDEEP
192:/L29RBzDzeobchBj8JONvONXZruhrEPEjr7Ahg:T29jnbcvYJOAfuhvr7Cg
Malware Config
Extracted
Targets
-
-
Target
d247fc1438ce9ab6f78351bcef3c347acaa9b1591be992e49162916a27d0146f
-
Size
12KB
-
MD5
e99a2438e6a578df91082d4f5df91b20
-
SHA1
1eac9032940b00e58da63926d3ee7555ac7e2da7
-
SHA256
d247fc1438ce9ab6f78351bcef3c347acaa9b1591be992e49162916a27d0146f
-
SHA512
9eead575cafe579c51d97f15b715d4daf27879adeb9c2cb203452f6a5323b38e5bda223a97a91e9c8763ac1b785f4cf0749a1b26e4d1236c9beb66de4c2c208f
-
SSDEEP
192:/L29RBzDzeobchBj8JONvONXZruhrEPEjr7Ahg:T29jnbcvYJOAfuhvr7Cg
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-