General
-
Target
77b36ea5d14f287d8ac426a002b3f6eeb4d337b65221fc6037840e087b4ce093
-
Size
181KB
-
Sample
241120-nh3tfs1jak
-
MD5
24730dd65a58c9581ca842fda4bf1a0f
-
SHA1
1f5551d5364acf93210e607e2c27b7173f75b09a
-
SHA256
77b36ea5d14f287d8ac426a002b3f6eeb4d337b65221fc6037840e087b4ce093
-
SHA512
b428dd175a0a9943f01ff3949234f1c7d0429610c530c93163ade70439df4d9ce8ff0c8f328ff61bba7a5064615dc26432fda1247055113bc8910d97957cc948
-
SSDEEP
3072:9NO2y/GdywFyktGDWLS0HZWD5w8K7Nk9rD7IBUdasiv8OP7f:9NO2k4PF7tGiL3HJk9rD7bdasiv86r
Malware Config
Extracted
http://diwafashions.com/wp-admin/mqau6/
http://designers.hotcom-web.com/ubkskw29clek/qnpm1p/
http://dixartcontractors.com/cgi-bin/nnuv/
http://diaspotv.info/wordpress/G/
http://easyvisaoverseas.com/cgi-bin/v/
Targets
-
-
Target
77b36ea5d14f287d8ac426a002b3f6eeb4d337b65221fc6037840e087b4ce093
-
Size
181KB
-
MD5
24730dd65a58c9581ca842fda4bf1a0f
-
SHA1
1f5551d5364acf93210e607e2c27b7173f75b09a
-
SHA256
77b36ea5d14f287d8ac426a002b3f6eeb4d337b65221fc6037840e087b4ce093
-
SHA512
b428dd175a0a9943f01ff3949234f1c7d0429610c530c93163ade70439df4d9ce8ff0c8f328ff61bba7a5064615dc26432fda1247055113bc8910d97957cc948
-
SSDEEP
3072:9NO2y/GdywFyktGDWLS0HZWD5w8K7Nk9rD7IBUdasiv8OP7f:9NO2k4PF7tGiL3HJk9rD7bdasiv86r
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Command and Scripting Interpreter: PowerShell
Run Powershell and hide display window.
-
Drops file in System32 directory
-