General
-
Target
173d644887fe55f54403e56181f9f4a61283332b264b2664bdd05f90317b9519.doc
-
Size
519KB
-
Sample
240523-bh6twsfh7t
-
MD5
f81b30a64f41a0f7a310ca679a228d79
-
SHA1
356cb6b79fc52f1b3fa931865603e8154459a0ee
-
SHA256
173d644887fe55f54403e56181f9f4a61283332b264b2664bdd05f90317b9519
-
SHA512
4a520ffbaca8e870bc32bbf19f3c3f93cf76ed5f6b913c69ce6eb9bf229df4f8709ccbe265a0e19822ba09d431e89e0c6d8d4be601b767f321e2c3012ea1c7ce
-
SSDEEP
6144:ELEc+F+HLHNIvPl8qZDC9VT8L38S8WyI6OLxoq5seCsH8BB3y8dqtUO2TsyUrYA:ELEcJHNopZW9eLH8WyITLfyXXvqxjb
Malware Config
Extracted
http://monopoliafromyou.ru/download/2.exe
Targets
-
-
Target
173d644887fe55f54403e56181f9f4a61283332b264b2664bdd05f90317b9519.doc
-
Size
519KB
-
MD5
f81b30a64f41a0f7a310ca679a228d79
-
SHA1
356cb6b79fc52f1b3fa931865603e8154459a0ee
-
SHA256
173d644887fe55f54403e56181f9f4a61283332b264b2664bdd05f90317b9519
-
SHA512
4a520ffbaca8e870bc32bbf19f3c3f93cf76ed5f6b913c69ce6eb9bf229df4f8709ccbe265a0e19822ba09d431e89e0c6d8d4be601b767f321e2c3012ea1c7ce
-
SSDEEP
6144:ELEc+F+HLHNIvPl8qZDC9VT8L38S8WyI6OLxoq5seCsH8BB3y8dqtUO2TsyUrYA:ELEcJHNopZW9eLH8WyITLfyXXvqxjb
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-