General
-
Target
YQpjoXnBJr.zip
-
Size
81KB
-
Sample
241129-nlabbasqas
-
MD5
f34d8b9c3a6a06841add6dddbdc13e72
-
SHA1
81766cec4e63fe710eab322c049bcfa15e50b0f9
-
SHA256
27be11fa92a078991c195850e10e1acfac1bd78f860cb803fffe7c9622227983
-
SHA512
e77101c02f89f22ec703268c174d335317ce9aab587af838f25972ecd244582c6fc329cbe49cdc4ef0981bfea45b80e4a847ee21fc3f851733bf92d5e95b163f
-
SSDEEP
1536:QkiugyD7Alv/Fxr4Xhh5Yni6LYzbSHC17+ONhJ6HLELUEbYjtXuXG:GuRS3r4Xhgrch+ONWHLELUEbTG
Malware Config
Targets
-
-
Target
YQpjoXnBJr.zip
-
Size
81KB
-
MD5
f34d8b9c3a6a06841add6dddbdc13e72
-
SHA1
81766cec4e63fe710eab322c049bcfa15e50b0f9
-
SHA256
27be11fa92a078991c195850e10e1acfac1bd78f860cb803fffe7c9622227983
-
SHA512
e77101c02f89f22ec703268c174d335317ce9aab587af838f25972ecd244582c6fc329cbe49cdc4ef0981bfea45b80e4a847ee21fc3f851733bf92d5e95b163f
-
SSDEEP
1536:QkiugyD7Alv/Fxr4Xhh5Yni6LYzbSHC17+ONhJ6HLELUEbYjtXuXG:GuRS3r4Xhgrch+ONWHLELUEbTG
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Download via BitsAdmin
-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-