General
-
Target
6fd7c22e15c0bd2bd06eb1649bdc81dd45d0e95ced5b271ad4593aab5c5c125f
-
Size
184KB
-
Sample
241120-169m5avkct
-
MD5
6dab54adf8a12dec748ad9f3b722e7c5
-
SHA1
ce34c858f627bc4023c4d21866cd4a032cbfea8b
-
SHA256
6fd7c22e15c0bd2bd06eb1649bdc81dd45d0e95ced5b271ad4593aab5c5c125f
-
SHA512
daf174e42d3ee986fb1a974a937860fcd3c7685cfae7907e074ff7d1492c5401da20bbcda7d4aa36f41d8a46b9583eec77f958948254b103bc29604616f3ad2d
-
SSDEEP
3072:/e2y/GdyrktGDWLS0HZWD5w8K7Nk9aD7IBUMoUH9CBjBoax5waA1NWBM0zr:/e2k4TtGiL3HJk9aD7bMoUH9CBjBoax1
Malware Config
Extracted
http://gobabynames.com/dz6r/xytx7/
http://nhomkinhthienbinh.com/cgi-bin/yW/
http://capitalcitycarwash.com/komldk65kd/7tz/
http://compscischool.com/wp-content/8a1n/
http://gianphoisonghong.com/wp-includes/AUWxwq1V2s/
Targets
-
-
Target
6fd7c22e15c0bd2bd06eb1649bdc81dd45d0e95ced5b271ad4593aab5c5c125f
-
Size
184KB
-
MD5
6dab54adf8a12dec748ad9f3b722e7c5
-
SHA1
ce34c858f627bc4023c4d21866cd4a032cbfea8b
-
SHA256
6fd7c22e15c0bd2bd06eb1649bdc81dd45d0e95ced5b271ad4593aab5c5c125f
-
SHA512
daf174e42d3ee986fb1a974a937860fcd3c7685cfae7907e074ff7d1492c5401da20bbcda7d4aa36f41d8a46b9583eec77f958948254b103bc29604616f3ad2d
-
SSDEEP
3072:/e2y/GdyrktGDWLS0HZWD5w8K7Nk9aD7IBUMoUH9CBjBoax5waA1NWBM0zr:/e2k4TtGiL3HJk9aD7bMoUH9CBjBoax1
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Command and Scripting Interpreter: PowerShell
Run Powershell and hide display window.
-
Drops file in System32 directory
-