General
-
Target
d14ba6bd2f68f07e737d847e85e2be7d51203fe075449d7be9283e72060df87a
-
Size
181KB
-
Sample
241113-k6bhbsyglh
-
MD5
f5b6eedad465b4e329aac3e5b90267c9
-
SHA1
dc72bd25f900e8a9c71adcd4762c91a026864c5d
-
SHA256
d14ba6bd2f68f07e737d847e85e2be7d51203fe075449d7be9283e72060df87a
-
SHA512
0136ee02b95a9ba03ea3b65b29da4810983224988ea9d6d8809518447c30df9f173449b3c955d9617f7f5c83a20b8f7be9d6cb640ddbfae9f2b608a5774970ad
-
SSDEEP
3072:9NO2y/GdywFyktGDWLS0HZWD5w8K7Nk9rD7IBUdasiv8OP7F:9NO2k4PF7tGiL3HJk9rD7bdasiv86J
Behavioral task
behavioral1
Sample
d14ba6bd2f68f07e737d847e85e2be7d51203fe075449d7be9283e72060df87a.doc
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
d14ba6bd2f68f07e737d847e85e2be7d51203fe075449d7be9283e72060df87a.doc
Resource
win10v2004-20241007-en
Malware Config
Extracted
http://diwafashions.com/wp-admin/mqau6/
http://designers.hotcom-web.com/ubkskw29clek/qnpm1p/
http://dixartcontractors.com/cgi-bin/nnuv/
http://diaspotv.info/wordpress/G/
http://easyvisaoverseas.com/cgi-bin/v/
Targets
-
-
Target
d14ba6bd2f68f07e737d847e85e2be7d51203fe075449d7be9283e72060df87a
-
Size
181KB
-
MD5
f5b6eedad465b4e329aac3e5b90267c9
-
SHA1
dc72bd25f900e8a9c71adcd4762c91a026864c5d
-
SHA256
d14ba6bd2f68f07e737d847e85e2be7d51203fe075449d7be9283e72060df87a
-
SHA512
0136ee02b95a9ba03ea3b65b29da4810983224988ea9d6d8809518447c30df9f173449b3c955d9617f7f5c83a20b8f7be9d6cb640ddbfae9f2b608a5774970ad
-
SSDEEP
3072:9NO2y/GdywFyktGDWLS0HZWD5w8K7Nk9rD7IBUdasiv8OP7F:9NO2k4PF7tGiL3HJk9rD7bdasiv86J
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-