General
-
Target
fd15363835636b0455cd31ed7860dfbc3d06b14cc172e02d68afd26f3962a10f
-
Size
62KB
-
Sample
241122-cn2ykasld1
-
MD5
8cf2a878780f9f16e7dd5ce997ee9a97
-
SHA1
0f5c26827acc179f7619b847a21de4e63b7bddce
-
SHA256
fd15363835636b0455cd31ed7860dfbc3d06b14cc172e02d68afd26f3962a10f
-
SHA512
e0ba84a3667ee46a042b167a624dcf3c14c2de28cba94dcba1afb6f035c6b52eddeec26a02fff4e2b4ef1ed9fea330169a302d979b7563c37db7903354e1b13d
-
SSDEEP
768:8ooSooooUatoXoooonooqoooUoooooIooUpJcaUitGAlmrJpmxlzC+w99NBD3y6L:QptJlmrJpmxlRw99NB7yZhERepNiqwC
Behavioral task
behavioral1
Sample
fd15363835636b0455cd31ed7860dfbc3d06b14cc172e02d68afd26f3962a10f.doc
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
fd15363835636b0455cd31ed7860dfbc3d06b14cc172e02d68afd26f3962a10f.doc
Resource
win10v2004-20241007-en
Malware Config
Extracted
Targets
-
Target
fd15363835636b0455cd31ed7860dfbc3d06b14cc172e02d68afd26f3962a10f
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
-
An obfuscated cmd.exe command-line is typically used to evade detection.
-