General
-
Target
0a8322475bb0bd268db25a991967d264b6cc5363c220e1615fc0ffed212b385b
-
Size
179KB
-
Sample
241120-kj3cjaypdq
-
MD5
e283d21c33f06add1ead67f105f5e82c
-
SHA1
e0bf01120fa3f8c51fbd18fec43ab87db7abd300
-
SHA256
0a8322475bb0bd268db25a991967d264b6cc5363c220e1615fc0ffed212b385b
-
SHA512
d8c7177391837ca74b65df9a741a510f22189c61ee59b3141b98f231cdfb3e4763d24d6225546919f2124377fcf2b9211bee2955fd354188a6001ee3c33ca223
-
SSDEEP
3072:T/2y/GdynktGDWLS0HZWD5w8K7Nk96D7IBU/ZB0zstySfNllXeL:T/2k43tGiL3HJk96D7bb0z0rllXo
Malware Config
Extracted
http://www.yadegarebastan.com/wp-content/mhear/
http://bikerzonebd.com/wp-admin/89gw/
http://shptoys.com/_old/bvGej/
http://www.vestalicom.com/facturation/qgm0t/
http://www.aliounendiaye.com/wp-content/f3hs6j/
Targets
-
-
Target
0a8322475bb0bd268db25a991967d264b6cc5363c220e1615fc0ffed212b385b
-
Size
179KB
-
MD5
e283d21c33f06add1ead67f105f5e82c
-
SHA1
e0bf01120fa3f8c51fbd18fec43ab87db7abd300
-
SHA256
0a8322475bb0bd268db25a991967d264b6cc5363c220e1615fc0ffed212b385b
-
SHA512
d8c7177391837ca74b65df9a741a510f22189c61ee59b3141b98f231cdfb3e4763d24d6225546919f2124377fcf2b9211bee2955fd354188a6001ee3c33ca223
-
SSDEEP
3072:T/2y/GdynktGDWLS0HZWD5w8K7Nk96D7IBU/ZB0zstySfNllXeL:T/2k43tGiL3HJk96D7bb0z0rllXo
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Command and Scripting Interpreter: PowerShell
Run Powershell and hide display window.
-
Drops file in System32 directory
-