General
Target: 5dd7cf684929ca3a2dea93934e7685efa18394eb07b64fae4bf03e3239e3cdc9
Size: 121KB
Sample: 241120-2s73tawbrj
MD5: 2bf4037dc83d399f5533e984f6a235f0
SHA1: 4c047e262ebaa6971925b01d08097235124826e0
SHA256: 5dd7cf684929ca3a2dea93934e7685efa18394eb07b64fae4bf03e3239e3cdc9
SHA512: f9f3cbb54d94312041b0e3c19e5ac1e401f9c7f7ca8e002a4d2ae92e70d34b603b7bba4238949ff25e44a74142672b3c67ba37adc55740f33a4f5e88c0812b88
SSDEEP: 3072:jlcKoSsxzNDZLDZjlbR868O8KlVH37kehvMqAPjxO5xyZUE5V5xtezEVg8/dgGBW:JcKoSsxzNDZLDZjlbR868O8KlVH37ken
Behavioral task: behavioral1
Sample: 5dd7cf684929ca3a2dea93934e7685efa18394eb07b64fae4bf03e3239e3cdc9.xls
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 5dd7cf684929ca3a2dea93934e7685efa18394eb07b64fae4bf03e3239e3cdc9.xls
Resource: win10v2004-20241007-en
Malware Config
Extracted
http://alivesystems.com/eln-images/pm2rSsnVM/
http://don-lee.com/_notes/U6H14DNA/
http://mellow60s.com/Stanley_files/EFIqwZ183rfmd/
http://pro-ficientllc.com/PDF_files/5A9W8/
http://lost-earth.com/Black_and_White/ZW4rHEdD1vZX/
http://creedmoorpartners.com/eln-images/wEYKd5KJZETheBswq/
http://mattersoffact.com/cgi/E0C1vtSqt/
http://pureplatinumband.com/Schedule/EW24AYJCvBpN8Gc/
http://homehandyworks.com/eln-images/xFIDPfs4SS1yw7ghXXk/
http://hi-techaudio.com/dir2021/g3d/
http://roderickpowellentertainment.com/eln-images/OVOyN3y9/
https://consciences.center/wp-includes/SkW2w/
http://mag-designs.com/css/L3QKlr6iTzILVzbnC/
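The thirteen URLs above are the indicators most defenders will act on first. The following is example code added to this report, not part of the sandbox output: it turns the extracted list into host and path indicators, defangs them for sharing, and checks proxy log lines against them. The log lines are constructed for the example; the URLs are the ones listed above.

```python
"""Turn the URLs the sandbox extracted from the sample into blocklist
indicators and check proxy logs against them.  Example code added to this
report, not part of the sandbox output; the log lines are constructed."""
from urllib.parse import urlsplit

# URLs exactly as listed under "Malware Config > Extracted" above.
EXTRACTED_URLS = [
    "http://alivesystems.com/eln-images/pm2rSsnVM/",
    "http://don-lee.com/_notes/U6H14DNA/",
    "http://mellow60s.com/Stanley_files/EFIqwZ183rfmd/",
    "http://pro-ficientllc.com/PDF_files/5A9W8/",
    "http://lost-earth.com/Black_and_White/ZW4rHEdD1vZX/",
    "http://creedmoorpartners.com/eln-images/wEYKd5KJZETheBswq/",
    "http://mattersoffact.com/cgi/E0C1vtSqt/",
    "http://pureplatinumband.com/Schedule/EW24AYJCvBpN8Gc/",
    "http://homehandyworks.com/eln-images/xFIDPfs4SS1yw7ghXXk/",
    "http://hi-techaudio.com/dir2021/g3d/",
    "http://roderickpowellentertainment.com/eln-images/OVOyN3y9/",
    "https://consciences.center/wp-includes/SkW2w/",
    "http://mag-designs.com/css/L3QKlr6iTzILVzbnC/",
]


def norm_path(path):
    """Servers usually answer with or without the trailing slash, so compare
    paths without it."""
    return path.rstrip("/") or "/"


def iocs_from_urls(urls):
    """Map each host to the set of paths seen for it, so a log line can be
    matched on the exact URL or on the host alone (a weaker signal, since a
    host may also serve legitimate content)."""
    iocs = {}
    for u in urls:
        parts = urlsplit(u)
        iocs.setdefault(parts.hostname.lower(), set()).add(norm_path(parts.path))
    return iocs


def defang(url):
    """Render a URL or host:port so it cannot be clicked or auto-linked."""
    parts = urlsplit(url)
    if not parts.hostname:                      # bare "host:port" from a CONNECT
        return url.replace(".", "[.]")
    scheme = parts.scheme.replace("http", "hxxp")
    host = parts.hostname.replace(".", "[.]")
    return f"{scheme}://{host}{parts.path}"


# Constructed Squid-style access.log lines (native format), not from the
# sandbox run.  Fields: timestamp elapsed client code/status bytes method URL ...
SAMPLE_LOG = """\
1732100000.123    250 10.0.0.14 TCP_MISS/200 1254 GET http://alivesystems.com/eln-images/pm2rSsnVM/ - HIER_DIRECT/203.0.113.5 application/octet-stream
1732100001.456    120 10.0.0.14 TCP_MISS/200 8821 GET http://www.example.com/index.html - HIER_DIRECT/203.0.113.9 text/html
1732100002.789    300 10.0.0.21 TCP_MISS/404 512 GET http://mag-designs.com/css/style.css - HIER_DIRECT/203.0.113.7 text/html
1732100003.000    310 10.0.0.21 TCP_TUNNEL/200 90112 CONNECT consciences.center:443 - HIER_DIRECT/203.0.113.8 -
"""


def match_log(log_text, iocs):
    """Return (client, url, kind) for every request to a known host; kind is
    'url' for an exact path match and 'host' when only the domain matches.
    A CONNECT (TLS tunnel) exposes only host:port, so it can match on host."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue
        client, method, url = fields[2], fields[5], fields[6]
        if method == "CONNECT":
            host, path = url.rsplit(":", 1)[0].lower(), None
        else:
            parts = urlsplit(url)
            host, path = (parts.hostname or "").lower(), norm_path(parts.path)
        if host not in iocs:
            continue
        kind = "url" if path in iocs[host] else "host"
        hits.append((client, url, kind))
    return hits


if __name__ == "__main__":
    iocs = iocs_from_urls(EXTRACTED_URLS)
    for u in EXTRACTED_URLS:
        print(defang(u))
    for client, url, kind in match_log(SAMPLE_LOG, iocs):
        print(f"{kind:4} {client} {defang(url)}")
```

The one https entry in the list is worth a note: a forwarding proxy only records the CONNECT to consciences.center:443, never the path, so a host-level match is the best you can get from proxy logs for that indicator, and the same applies to any of these sites if the client upgrades to TLS.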
Targets
Target: 5dd7cf684929ca3a2dea93934e7685efa18394eb07b64fae4bf03e3239e3cdc9
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
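Two of the signatures above, the unexpected child process and the registry country lookup, can be turned into host-side detection logic. The following is example code added to this report, not sandbox output: it runs both rules over a constructed set of endpoint events in a simplified, normalised schema of the kind an EDR or sandbox API trace yields after parsing, and groups the findings under the Office process that produced them. The registry path used is the location Windows keeps the user's GeoID in and is an assumption (the report names no key), the allowlist of expected children is an assumption to tune per environment, and the child process in the sample events is illustrative, since the report does not name the one the sample spawned.

```python
"""Detection logic for two behaviours the sandbox flagged: an Office process
spawning an unexpected child, and a lookup of the configured country in the
registry.  Example code added to this report, not sandbox output.  Events are
constructed in a simplified normalised schema; the registry key, the allowlist
and the child process shown are assumptions, as the report names none of them."""
import ntpath
from collections import defaultdict

OFFICE_IMAGES = {"excel.exe", "winword.exe", "powerpnt.exe"}
# Children Office starts in normal use; tune per environment.  Assumption for
# the example: only the 64-bit print helper is expected.
EXPECTED_CHILDREN = {"splwow64.exe"}
# Assumed location of the configured country (GeoID); compared case-insensitively.
GEO_KEY = r"hkcu\control panel\international\geo"
GEO_VALUE = "nation"

EXCEL = r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"
SAMPLE = r"C:\Users\user\Downloads\5dd7cf684929ca3a2dea93934e7685efa18394eb07b64fae4bf03e3239e3cdc9.xls"

# Constructed events.  The regsvr32.exe child is illustrative only.
EVENTS = [
    {"type": "process_create", "pid": 1804, "ppid": 1120,
     "image": EXCEL, "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": f'"EXCEL.EXE" "{SAMPLE}"'},
    {"type": "registry_query", "pid": 1804, "image": EXCEL,
     "key": r"HKCU\Control Panel\International\Geo", "value": "Nation"},
    {"type": "process_create", "pid": 2240, "ppid": 1804,
     "image": r"C:\Windows\System32\regsvr32.exe", "parent_image": EXCEL,
     "cmdline": r"regsvr32.exe /s C:\ProgramData\example.dll"},
    {"type": "process_create", "pid": 2300, "ppid": 1804,
     "image": r"C:\Windows\splwow64.exe", "parent_image": EXCEL,
     "cmdline": "splwow64.exe 12288"},
    {"type": "process_create", "pid": 2410, "ppid": 1120,
     "image": r"C:\Windows\System32\cmd.exe",
     "parent_image": r"C:\Windows\explorer.exe", "cmdline": "cmd.exe"},
]


def basename(path):
    """Lower-cased file name of a Windows path (ntpath handles backslashes
    on any platform)."""
    return ntpath.basename(path).lower()


def unexpected_office_children(events):
    """Parent is an Office application and the child is not on the allowlist."""
    return [(basename(e["parent_image"]), basename(e["image"]), e["pid"], e["ppid"])
            for e in events
            if e["type"] == "process_create"
            and basename(e["parent_image"]) in OFFICE_IMAGES
            and basename(e["image"]) not in EXPECTED_CHILDREN]


def geo_lookups(events):
    """Processes that read the configured country value, the registry check
    the sandbox labelled as a likely geofence."""
    return [(basename(e["image"]), e["pid"]) for e in events
            if e["type"] == "registry_query"
            and e["key"].lower() == GEO_KEY
            and e["value"].lower() == GEO_VALUE]


def findings_by_process(events):
    """Group both behaviours under the Office process that exhibited them, so
    a country check followed by an unexpected child is seen as one chain."""
    findings = defaultdict(list)
    for _image, pid in geo_lookups(events):
        findings[pid].append("geofence_check")
    for _parent, child, _pid, ppid in unexpected_office_children(events):
        findings[ppid].append(f"unexpected_child:{child}")
    return dict(findings)


if __name__ == "__main__":
    for pid, tags in findings_by_process(EVENTS).items():
        print(pid, ", ".join(tags))
```

The process-creation rule maps directly onto Sysmon event 1 or Security event 4688. The registry rule does not: Sysmon records key and value creation, deletion, renames and writes, not reads, so catching the country lookup outside a sandbox needs API-level telemetry from an EDR or object-access auditing (event 4663 with a SACL on the key).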