General
-
Target
f47e81ebafeb8cb6c097277ba50450c1c9e609492417f6c2f52baf11bbdf9ba5
-
Size
33KB
-
Sample
240704-11fsvstgmb
-
MD5
984e02d3a9192feac1d85c80c7b0ba3f
-
SHA1
67a8368af620ae0ad16c2aacb0a2a089896789e7
-
SHA256
f47e81ebafeb8cb6c097277ba50450c1c9e609492417f6c2f52baf11bbdf9ba5
-
SHA512
038e5cfff56d7526b18b4853a9714eaf2f00e15c6e81324e306e0a4201f033db5767681604450145f516a46fe66a88dd0954741e7da6d48e63539acbbdf952c6
-
SSDEEP
768:Wtvo2Jtk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJoQeMkd93:GPk3hbdlylKsgqopeJBWhZFGkE+cL2N3
Behavioral task
behavioral1
Sample
f47e81ebafeb8cb6c097277ba50450c1c9e609492417f6c2f52baf11bbdf9ba5.xls
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
f47e81ebafeb8cb6c097277ba50450c1c9e609492417f6c2f52baf11bbdf9ba5.xls
Resource
win10v2004-20240704-en
Malware Config
Extracted
https://raw.githubusercontent.com/enigma0x3/Generate-Macro/master/Generate-Macro.ps1
Targets
-
-
Target
f47e81ebafeb8cb6c097277ba50450c1c9e609492417f6c2f52baf11bbdf9ba5
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-