General
-
Target
4725351209265b4653cf92795afb729bcc84fd16e9aa2ed0355e9e5976695fdd
-
Size
34KB
-
Sample
240704-1aatxsscme
-
MD5
0a5954b39e6ce6c5d6640bc17eb4ab88
-
SHA1
54188f462d3b8a2eb5e76d17a0884355e65c6408
-
SHA256
4725351209265b4653cf92795afb729bcc84fd16e9aa2ed0355e9e5976695fdd
-
SHA512
70e0bde5d1dcbff6e89de09cc34ddb8c02af4c4a9c87238ba92369c568cbe27ccdcf304ca2c7cbf1c973707f1a47ebe5ae24754cfd69a46e49717866564970bd
-
SSDEEP
768:IveWFwP+SKabAk0BuqCXlg+/fs5cClfZw2gmVXqA4LQYgO1mQQpSFeVAmcil:0SP+SKabAk0BuqCXlg+/fs5cClfZw2gQ
Malware Config
Extracted
https://raw.githubusercontent.com/enigma0x3/Generate-Macro/master/Generate-Macro.ps1
Targets
-
-
Target
4725351209265b4653cf92795afb729bcc84fd16e9aa2ed0355e9e5976695fdd
-
Size
34KB
-
MD5
0a5954b39e6ce6c5d6640bc17eb4ab88
-
SHA1
54188f462d3b8a2eb5e76d17a0884355e65c6408
-
SHA256
4725351209265b4653cf92795afb729bcc84fd16e9aa2ed0355e9e5976695fdd
-
SHA512
70e0bde5d1dcbff6e89de09cc34ddb8c02af4c4a9c87238ba92369c568cbe27ccdcf304ca2c7cbf1c973707f1a47ebe5ae24754cfd69a46e49717866564970bd
-
SSDEEP
768:IveWFwP+SKabAk0BuqCXlg+/fs5cClfZw2gmVXqA4LQYgO1mQQpSFeVAmcil:0SP+SKabAk0BuqCXlg+/fs5cClfZw2gQ
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Command and Scripting Interpreter: PowerShell
Run Powershell and hide display window.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-