General
Target: 934083e9205db8fbd2eb4d537eb84ce9eecbb8fd70df07cc874f8af7a7164fe8
Size: 238KB
Sample: 241120-edtwbazndz
MD5: 5af77638931702e8b0ea8862a2e70b78
SHA1: b133a5f424f8ecf8b46a9c996b51874adc78e7d2
SHA256: 934083e9205db8fbd2eb4d537eb84ce9eecbb8fd70df07cc874f8af7a7164fe8
SHA512: f6c80ea0e1db089267bf6b318ec3945c3c2b9baff33be2a20ac058a5a986460de2c2e1841af11e7f24b8ff4ba315a7e7a868b24a783de39eb11cfe492af9c0d9
SSDEEP: 6144:70Rum7mdLRp1bbSBIR/EHGtCMXgTo8qoFt/etg+ZwZwyx:70E3dxtR/iU9mvUPqZw4
Behavioral task: behavioral1
Sample: 934083e9205db8fbd2eb4d537eb84ce9eecbb8fd70df07cc874f8af7a7164fe8.doc
Resource: win7-20241010-en
Behavioral task: behavioral2
Sample: 934083e9205db8fbd2eb4d537eb84ce9eecbb8fd70df07cc874f8af7a7164fe8.doc
Resource: win10v2004-20241007-en
Malware Config
Extracted URLs:
http://sanketpatil.online/wp-includes/rBhbqf/
http://deals.autostar.com.sa/wp-admin/tnibbgr-7y3i2-4052100/
http://activatemagicsjacks.xyz/wp-admin/pzp2my-a4ma-335/
http://heminghao.club/phpmyadmin/bos25l-sisvzsm-51/
http://redbeat.club/wp-snapshots/fzAArnYv/
Targets
Target: 934083e9205db8fbd2eb4d537eb84ce9eecbb8fd70df07cc874f8af7a7164fe8
- Process spawned unexpected child process: this typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Drops file in System32 directory
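The three signatures above, plus the hosts from the extracted URL list, expressed as detection logic run over constructed process, network and file events. This is an added example, not the sandbox's own rule code: OFFICE_HOSTS, EXPECTED_OFFICE_CHILDREN, BLOCKLISTED_NET and SYSTEM32_WRITERS are assumed allow/block lists, and every event in SAMPLE_EVENTS (including the dropped file name) is constructed rather than taken from the report.

```python
"""Detection checks for the behaviours this report flags, run over constructed
Sysmon-style events. Constants marked as assumptions are not from the report."""
import ntpath
from urllib.parse import urlparse

# Download URLs copied from the report's "Malware Config / Extracted" section.
EXTRACTED_URLS = [
    "http://sanketpatil.online/wp-includes/rBhbqf/",
    "http://deals.autostar.com.sa/wp-admin/tnibbgr-7y3i2-4052100/",
    "http://activatemagicsjacks.xyz/wp-admin/pzp2my-a4ma-335/",
    "http://heminghao.club/phpmyadmin/bos25l-sisvzsm-51/",
    "http://redbeat.club/wp-snapshots/fzAArnYv/",
]
IOC_HOSTS = {urlparse(u).hostname.lower() for u in EXTRACTED_URLS}

# Assumptions (not stated in the report): which images count as Office hosts,
# which children Office spawns legitimately, which images are blocklisted for
# network activity, and which writers may legitimately create files in System32.
OFFICE_HOSTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
EXPECTED_OFFICE_CHILDREN = {"splwow64.exe", "werfault.exe", "dw20.exe"}
BLOCKLISTED_NET = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                   "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe"}
SYSTEM32_WRITERS = {"trustedinstaller.exe", "tiworker.exe", "msiexec.exe"}
SYSTEM32_PREFIX = "c:\\windows\\system32\\"

UNEXPECTED_CHILD = "Process spawned unexpected child process"
BLOCKLISTED_NET_REQ = "Blocklisted process makes network request"
IOC_HOST_CONTACT = "Network request to host from extracted config"
SYSTEM32_DROP = "Drops file in System32 directory"


def image_name(path):
    """Lower-cased executable name from a Windows path; ntpath works off-Windows too."""
    return ntpath.basename(path).lower()


def evaluate(ev):
    """Return the list of rule names a single event triggers."""
    hits = []
    proc = image_name(ev["image"])
    if ev["type"] == "process_create":
        # Office spawning anything outside its small set of expected helpers.
        if image_name(ev["parent"]) in OFFICE_HOSTS and proc not in EXPECTED_OFFICE_CHILDREN:
            hits.append(UNEXPECTED_CHILD)
    elif ev["type"] == "network_connect":
        if proc in BLOCKLISTED_NET:
            hits.append(BLOCKLISTED_NET_REQ)
        if ev.get("dest_host", "").lower() in IOC_HOSTS:
            hits.append(IOC_HOST_CONTACT)
    elif ev["type"] == "file_create":
        target = ev["target"].lower()
        if target.startswith(SYSTEM32_PREFIX) and proc not in SYSTEM32_WRITERS:
            hits.append(SYSTEM32_DROP)
    return hits


def triage(events):
    """Run every event through the rules; returns (rule, process) pairs in event order."""
    return [(rule, image_name(ev["image"])) for ev in events for rule in evaluate(ev)]


# Constructed sample telemetry mirroring the chain the report's signatures describe.
SAMPLE_EVENTS = [
    {"type": "process_create",
     "parent": r"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE",
     "image": r"C:\Windows\System32\cmd.exe"},
    {"type": "process_create",
     "parent": r"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE",
     "image": r"C:\Windows\splwow64.exe"},  # benign print helper, should not fire
    {"type": "network_connect",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "dest_host": "sanketpatil.online"},
    {"type": "file_create",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "target": r"C:\Windows\System32\dropped.dll"},  # constructed file name
    {"type": "network_connect",
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "dest_host": "example.com"},
    {"type": "file_create",
     "image": r"C:\Windows\explorer.exe",
     "target": r"C:\Users\user\Desktop\notes.txt"},
]

if __name__ == "__main__":
    for rule, proc in triage(SAMPLE_EVENTS):
        print(f"{rule}: {proc}")
```

The child-process rule uses an allow-list of expected Office children rather than a block-list of bad ones, which is what makes it catch a dropper regardless of which LOLBin it picks; the network rule fires once for the blocklisted image and again for the extracted host, so the two signals can be weighted separately.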