General
-
Target
59359de277a6e873c36ee2c640983a5a1781ce3a2790dee6598f9ae531a67bc1
-
Size
177KB
-
Sample
241121-acww3a1kgj
-
MD5
77852f9e9c9d0c07abb6c758e940aa70
-
SHA1
b26d1e664953c9a3d1d34ea1d3dbd2a018e66231
-
SHA256
59359de277a6e873c36ee2c640983a5a1781ce3a2790dee6598f9ae531a67bc1
-
SHA512
d0975ac64f011efc25b71caec41daa96aa8ae3dea51ae85b12163172744ec06fb0d7ea4091e778bf5c3f1534b5cf5899a6af699aad3c85cd5f8064dd4bfd67ca
-
SSDEEP
3072:8f2y/GdynktGDWLS0HZWD5w8K7Nk96D7IBU/ZB0zstySfNllXe:8f2k43tGiL3HJk96D7bb0z0rllX
Malware Config
Extracted
http://www.yadegarebastan.com/wp-content/mhear/
http://bikerzonebd.com/wp-admin/89gw/
http://shptoys.com/_old/bvGej/
http://www.vestalicom.com/facturation/qgm0t/
http://www.aliounendiaye.com/wp-content/f3hs6j/
Targets
-
-
Target
59359de277a6e873c36ee2c640983a5a1781ce3a2790dee6598f9ae531a67bc1
-
Size
177KB
-
MD5
77852f9e9c9d0c07abb6c758e940aa70
-
SHA1
b26d1e664953c9a3d1d34ea1d3dbd2a018e66231
-
SHA256
59359de277a6e873c36ee2c640983a5a1781ce3a2790dee6598f9ae531a67bc1
-
SHA512
d0975ac64f011efc25b71caec41daa96aa8ae3dea51ae85b12163172744ec06fb0d7ea4091e778bf5c3f1534b5cf5899a6af699aad3c85cd5f8064dd4bfd67ca
-
SSDEEP
3072:8f2y/GdynktGDWLS0HZWD5w8K7Nk96D7IBU/ZB0zstySfNllXe:8f2k43tGiL3HJk96D7bb0z0rllX
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Command and Scripting Interpreter: PowerShell
Run Powershell and hide display window.
-
Drops file in System32 directory
-