General
-
Target
8bd55b72e96b1ec555e05044f6a138108b35cd6f505a46951db7dd83be96f489
-
Size
115KB
-
Sample
241120-zwbgxasgpe
-
MD5
c55de90647aef216768b8516a3263468
-
SHA1
253eb1648ed416e8791f0465e76b3b5696276065
-
SHA256
8bd55b72e96b1ec555e05044f6a138108b35cd6f505a46951db7dd83be96f489
-
SHA512
f4377d1199c3a13eb9527abfe9282949eb1cd5a82d58cd7e61043f900f84e3ec8a7d7675dc324499982e9b58362c65213075b41e0f59c37fb95b34376b758724
-
SSDEEP
3072:FG1t/LKpd4LcRtaXR3KUtE4sYzOXPn1CpR:FiHL8e3KU5skOXN4
Malware Config
Extracted
http://sumedhaonline.com/wp-content/HyzNXJ30XOQVcBSRH/
http://divachintextiles.com/wp-includes/WWhWRKs8KvzNFm6/
http://hotelandamalabo.com/1520/bUdhEPdf/
http://shwenantawwin.com/copma/XTnZIi02vfVblK7/
http://tan4j.com/wp-content/languages/yOI5h8uoRe/
https://khibra-academy.com/wp-content/c1dR8wP4OdhzApHn/
https://dwwmaster.com/wp-content/W7XGpodRs5kYvnV/
http://edinsonjhernandez.net/wp-content/vndSGB/
https://stayathomeamerica.com/wp-content/nrQWW/
http://quetzalgt.coffee/images/B5WUc/
http://edinsonjhernandez.info/wp-content/BaazJljahSR2/
http://xn--90agbba9adnzt3i.com/ALFA_DATA/ucCbi6G/
Targets
-
-
Target
8bd55b72e96b1ec555e05044f6a138108b35cd6f505a46951db7dd83be96f489
-
Size
115KB
-
MD5
c55de90647aef216768b8516a3263468
-
SHA1
253eb1648ed416e8791f0465e76b3b5696276065
-
SHA256
8bd55b72e96b1ec555e05044f6a138108b35cd6f505a46951db7dd83be96f489
-
SHA512
f4377d1199c3a13eb9527abfe9282949eb1cd5a82d58cd7e61043f900f84e3ec8a7d7675dc324499982e9b58362c65213075b41e0f59c37fb95b34376b758724
-
SSDEEP
3072:FG1t/LKpd4LcRtaXR3KUtE4sYzOXPn1CpR:FiHL8e3KU5skOXN4
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-