General
-
Target
74ffc7a97a4840221c7e8c3892ff054a087db1bd136beffa5848846a3caa3fcc
-
Size
177KB
-
Sample
241120-yqrfhasajb
-
MD5
6d801d954271f11111d92b722ecf451d
-
SHA1
35c3e6ae44e5b268fd5a8aa4f86339b46781261d
-
SHA256
74ffc7a97a4840221c7e8c3892ff054a087db1bd136beffa5848846a3caa3fcc
-
SHA512
85dbe6b556052333c94446575d6e5108e05bfd32d8750d455973d8336cf518de886661a6e46726cedb7cb22569bf7c25aaa05e095da4027ae302c730d0792663
-
SSDEEP
3072:y72y/GdynktGDWLS0HZWD5w8K7Nk96D7IBU6ZB0zstySfNllXe:y72k43tGiL3HJk96D7bs0z0rllX
Behavioral task
behavioral1
Sample
74ffc7a97a4840221c7e8c3892ff054a087db1bd136beffa5848846a3caa3fcc.doc
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
74ffc7a97a4840221c7e8c3892ff054a087db1bd136beffa5848846a3caa3fcc.doc
Resource
win10v2004-20241007-en
Malware Config
Extracted
http://www.yadegarebastan.com/wp-content/mhear/
http://bikerzonebd.com/wp-admin/89gw/
http://shptoys.com/_old/bvGej/
http://www.vestalicom.com/facturation/qgm0t/
http://www.aliounendiaye.com/wp-content/f3hs6j/
Targets
Target
74ffc7a97a4840221c7e8c3892ff054a087db1bd136beffa5848846a3caa3fcc
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-