General
Target: 5a85fc8a3d5b5f112e887d7e5a2518da1dff49c034363b5bc0c3b7d5b369d090
Size: 217KB
Sample: 241113-zxtd4ssmem
MD5: af97eef8cd5b30d5ead954548db326a7
SHA1: 63eb4293992cc087ed269d91eef0c6d299c68c5d
SHA256: 5a85fc8a3d5b5f112e887d7e5a2518da1dff49c034363b5bc0c3b7d5b369d090
SHA512: 19ce039ed518fcb9c3aae1691c691051722113eec7499b65bd4338bf32bf1982150101c82b9eb2f0d5c3210a4049397fbe4f12ca93e418ed0e9720bb7f9eb160
SSDEEP: 3072:tD2y/GdyEktGDWLS0HZWD5w8K7Nk9wD7IBUmY9a1m1P7Q4hk9Z4o4XJ5C:tD2k4itGiL3HJk9wD7bM4i9uxJ5
Behavioral task: behavioral1
Sample: 5a85fc8a3d5b5f112e887d7e5a2518da1dff49c034363b5bc0c3b7d5b369d090.doc
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 5a85fc8a3d5b5f112e887d7e5a2518da1dff49c034363b5bc0c3b7d5b369d090.doc
Resource: win10v2004-20241007-en
Malware Config
Extracted
Targets
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory