General
-
Target
YQpjoXnBJr.zip
-
Size
81KB
-
Sample
241129-pee4navkhv
-
MD5
f34d8b9c3a6a06841add6dddbdc13e72
-
SHA1
81766cec4e63fe710eab322c049bcfa15e50b0f9
-
SHA256
27be11fa92a078991c195850e10e1acfac1bd78f860cb803fffe7c9622227983
-
SHA512
e77101c02f89f22ec703268c174d335317ce9aab587af838f25972ecd244582c6fc329cbe49cdc4ef0981bfea45b80e4a847ee21fc3f851733bf92d5e95b163f
-
SSDEEP
1536:QkiugyD7Alv/Fxr4Xhh5Yni6LYzbSHC17+ONhJ6HLELUEbYjtXuXG:GuRS3r4Xhgrch+ONWHLELUEbTG
Malware Config
Targets
-
-
Target
YQpjoXnBJr/WRQDouwL.png
-
Size
150KB
-
MD5
8c16f434c6368c0a59d01f82dfdae4c8
-
SHA1
9fb837536241866db25be8af035f47f24539bfd3
-
SHA256
f4faf31b67ed1262db67a8dee7014841e7197cce87e66a8faa270a97bc0e909d
-
SHA512
c86e56965559cacc2db25f5d0b86f99bc10fe91d1b698a63c183e4da700760ba8f7772612d036148cefa4e66459675b44e44fb95f8467a6c5af6b9f353c5b9c7
-
SSDEEP
3072:n0fsUhwCt/AO41upua+ZaGxMYb4QR3TjqjHnPg2pwQ5YV:n0fswwCto/1upua+ZaGCYb4QlT6HPTwT
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Download via BitsAdmin
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
YQpjoXnBJr/WRQDouwL.png.ps1
-
Size
304KB
-
MD5
803d84838415f3c36742821f70203a8f
-
SHA1
e3b4bc28676f9f1c2c71fff706d240e9557df75e
-
SHA256
e20d63d82415c54f408d750f77b1442b4540e1e7eca70cc5e77fc06a093a1eec
-
SHA512
e083ed91c0eb5316d12ba090f2c14ed8a01075ebbb25a47f1f30ef56bf9877556aebb9e12ea0d39ef7ff5fcfd98e43c6c4fdb828936264e5abe75f2620277000
-
SSDEEP
1536:xoXGg/lCHSnPiCqoUZRCHJt50IRNGTRwOs3iFXO57fEPmjwl3Fo5+w5vKBx9SG0W:fmmp
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Download via BitsAdmin
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-