General
-
Target
5a305a84612f5f29d650c086ecb69a4e921e2a6413f0d84eb42dbc2001e58fed
-
Size
173KB
-
Sample
241120-nex4sswgnl
-
MD5
e3e984bba21dc612237d510984cde5c2
-
SHA1
5c1e780500bda87f5bcae96e9d15953a5dba19df
-
SHA256
5a305a84612f5f29d650c086ecb69a4e921e2a6413f0d84eb42dbc2001e58fed
-
SHA512
baf200a8b8f4ff57854d24c65716443bac882a8690a96b757d530ddf2966a88ca5858cf4c3cdebfad676d2b4d4d2c5427c5474dc0e4173a318463e82f1329c8f
-
SSDEEP
3072:t54PrXcuQuvpzm4bkiaMQgAlS9gMFpmT6Cm1PwnbrQ6aQRZ:8DRv1m4bnQgIS9g0pPonbrQ4RZ
Malware Config
Extracted
https://haoqunkong.com/bn/s9w4tgcjl_f6669ugu_w4bj/
https://www.techtravel.events/informationl/8lsjhrl6nnkwgyzsudzam_h3wng_a6v5/
http://digiwebmarketing.com/wp-admin/72t0jjhmv7takwvisfnz_eejvf_h6v2ix/
http://holfve.se/images/1ckw5mj49w_2k11px_d/
http://www.cfm.nl/_backup/yfhrmh6u0heidnwruwha2t4mjz6p_yxhyu390i6_q93hkh3ddm/
Targets
-
-
Target
5a305a84612f5f29d650c086ecb69a4e921e2a6413f0d84eb42dbc2001e58fed
-
Size
173KB
-
MD5
e3e984bba21dc612237d510984cde5c2
-
SHA1
5c1e780500bda87f5bcae96e9d15953a5dba19df
-
SHA256
5a305a84612f5f29d650c086ecb69a4e921e2a6413f0d84eb42dbc2001e58fed
-
SHA512
baf200a8b8f4ff57854d24c65716443bac882a8690a96b757d530ddf2966a88ca5858cf4c3cdebfad676d2b4d4d2c5427c5474dc0e4173a318463e82f1329c8f
-
SSDEEP
3072:t54PrXcuQuvpzm4bkiaMQgAlS9gMFpmT6Cm1PwnbrQ6aQRZ:8DRv1m4bnQgIS9g0pPonbrQ4RZ
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-