General
-
Target
e96157b087433e6229b73c34378b78a424e212f8aa17b636e061bbb510160dde
-
Size
438KB
-
Sample
241120-1sm7zatepf
-
MD5
24566eb11518c1097b4f73f5df0f6ade
-
SHA1
a0259d07a45d3c3dc41a3035f8a2c708a0ec9218
-
SHA256
e96157b087433e6229b73c34378b78a424e212f8aa17b636e061bbb510160dde
-
SHA512
49d8c76c6fe0a8bb3d8e3e4f88460df7fbc6e1f7978c23152ec3dfe46fe32fb44e8eabf2cd6c6292711afbcd7ef1454a1be10ce8ca121c8bcda4b20dea507e21
-
SSDEEP
12288:J947a/JjsLZjXYc7X0/aXCKli04OaZ1XyAzhFA:ZurYc7E/i004OS7zhFA
Behavioral task
behavioral1
Sample
e96157b087433e6229b73c34378b78a424e212f8aa17b636e061bbb510160dde.xls
Resource
win7-20240903-en
Malware Config
Extracted
https://wildmanwildfood.com/wp-admin/wxyadXKXFe/
https://ashven.co.uk/wp-includes/UwBairqGXVb11tCu/
https://aigenix.comartstudios.com/cgi-bin/ZZ8HCNr40H/
https://fastonlineearn.com/wp-content/L/
https://mbmscaffolding.co.uk/test/3j/
https://ineslebuhan.com/wp-includes/7dLR8UB3RFfSHd4cZN/
https://mccoygloballinks.com/cgi-bin/HvZWLrLljiRj2ck/
http://lonaomer.com/wp-content/6G/
https://tainformado.com.br/wp-content/0Ysot/
https://nifdtb.in/wp-content/9uHo3GBgyIQ/
https://sdn3sajen.stormapp.in/wp-admin/Xc6Z/
https://narsanat.com/banner/TnIhz/
https://vanessanascimento.com.br/auren-xbox/cDD2dfW/
https://medvital.com.br/arquivos/q6ZjbPPoR7l/
https://mcjalandhar.in/1950-kill/BMoLHJM4g/
https://nuranabd.com/wp-content/BhYOZ2pJV5q/
https://sdigitaltv.online/wp-admin/rpRCArrXjpoUXo/
http://news.leta.com.vn/-/NQOY80o/
Targets
-
-
Target
e96157b087433e6229b73c34378b78a424e212f8aa17b636e061bbb510160dde
-
Size
438KB
-
MD5
24566eb11518c1097b4f73f5df0f6ade
-
SHA1
a0259d07a45d3c3dc41a3035f8a2c708a0ec9218
-
SHA256
e96157b087433e6229b73c34378b78a424e212f8aa17b636e061bbb510160dde
-
SHA512
49d8c76c6fe0a8bb3d8e3e4f88460df7fbc6e1f7978c23152ec3dfe46fe32fb44e8eabf2cd6c6292711afbcd7ef1454a1be10ce8ca121c8bcda4b20dea507e21
-
SSDEEP
12288:J947a/JjsLZjXYc7X0/aXCKli04OaZ1XyAzhFA:ZurYc7E/i004OS7zhFA
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-