General
-
Target
d662e568c3ada720dad0aa0f17466949f6a185fd3c3f3fd2a239225864d50d18
-
Size
239KB
-
Sample
241120-x1swms1qhz
-
MD5
50bdb4343c0816c1908b32ff2ba9cea3
-
SHA1
4ab1840794b41baf7c344663dc4013e45a3bc0ae
-
SHA256
d662e568c3ada720dad0aa0f17466949f6a185fd3c3f3fd2a239225864d50d18
-
SHA512
26f6db8694329f87e458da7fefef5e1a468f2b57aa1574e414ba20edb12c3c899f4cad69d17dec7752ff54880126ff69c3eba5491cae19d550887d373e2f1052
-
SSDEEP
3072:Di8rNzbWOlrV1c231w8N6eXENf7KnEhJivKie6B/w2yiWydwJt3MP0iIepuxQt/:UJiP/w2P83NikmV
Static task
static1
Behavioral task
behavioral1
Sample
d662e568c3ada720dad0aa0f17466949f6a185fd3c3f3fd2a239225864d50d18.doc
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
d662e568c3ada720dad0aa0f17466949f6a185fd3c3f3fd2a239225864d50d18.doc
Resource
win10v2004-20241007-en
Malware Config
Extracted
Targets
-
-
Target
d662e568c3ada720dad0aa0f17466949f6a185fd3c3f3fd2a239225864d50d18
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-