General
Target: 0d68a111655b8579f9a4d1fc85f6684890598e26b10ffe5292522fc861c45a99
Size: 179KB
Sample: 241120-fxkbnasekl
MD5: 366e71b220625a65b0a23d4c434b5866
SHA1: 321e250c73fe8f35a12e9328e3bbaca01c696823
SHA256: 0d68a111655b8579f9a4d1fc85f6684890598e26b10ffe5292522fc861c45a99
SHA512: 2f6939d8a7d1e88e9fbbb70b321b6609eb7d0e4682eaa1631e05d49e15f35e02335c79d512a0f8744cbb345e937053f400fb01fe1d80a1b1c4c1574af7d22d5d
SSDEEP: 3072:WL2y/GdynktGDWLS0HZWD5w8K7Nk96D7IBU/ZB0zstySfNllXe5:WL2k43tGiL3HJk96D7bb0z0rllXY
Behavioral task: behavioral1
Sample: 0d68a111655b8579f9a4d1fc85f6684890598e26b10ffe5292522fc861c45a99.doc
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 0d68a111655b8579f9a4d1fc85f6684890598e26b10ffe5292522fc861c45a99.doc
Resource: win10v2004-20241007-en
Malware Config
Extracted
Targets
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory