General
Target
8af34572198caf5b2cbb28c3f249b2c4c128f08a45525a42ffe41ec4efc6ac6e
Size
161KB
Sample
241120-mvnpmazpen
MD5
8b285cd139bcda342d2de7fd4d5821d7
SHA1
1ec5aa4aedd95f48941bfe108bbebd9c7214ba13
SHA256
8af34572198caf5b2cbb28c3f249b2c4c128f08a45525a42ffe41ec4efc6ac6e
SHA512
4de2e67b4e997f4ace7f1fc107a66114117c3e0142b47ff2c586090e1ac7cf6931871197bd4ae09f0018ca37b3eac3027b84ab2d7107913504c299f42408c479
SSDEEP
3072:Y7iNHPWUUPVRJfr722TWTogk079THcpOu5UZm5oKFS32TZImW:Y7iNyPVnfX/TX07hHcJQPKI3IZxW
Static task
static1
Behavioral task
behavioral1
Sample
8af34572198caf5b2cbb28c3f249b2c4c128f08a45525a42ffe41ec4efc6ac6e.doc
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
8af34572198caf5b2cbb28c3f249b2c4c128f08a45525a42ffe41ec4efc6ac6e.doc
Resource
win10v2004-20241007-en
Malware Config
Extracted
Targets
Score
10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory