General
-
Target
b7151cb567790466a363e545251589008459b00c6a8a30dacad540aac09ce922
-
Size
34KB
-
Sample
240704-1wjc7atdqg
-
MD5
2c8e68bed900a04069794647be857367
-
SHA1
b6fb06f193140dc93b8e2b2fc176ec2a7507ec71
-
SHA256
b7151cb567790466a363e545251589008459b00c6a8a30dacad540aac09ce922
-
SHA512
c62deaf9283c428a710ec5afa57f0d1730eb69f0ec3f8257fe14a3107f42876e2ff2800520e1f99fc3bdf9155af38cdb278d318df64feb21dc0c1e02c22d2297
-
SSDEEP
768:ZveWFwP+SKabAk0BuqCXlg+/fs5cClfZw2gmVXqA4LQYgO1mQQpSFeVAmcil:5SP+SKabAk0BuqCXlg+/fs5cClfZw2gQ
Malware Config
Extracted
https://raw.githubusercontent.com/enigma0x3/Generate-Macro/master/Generate-Macro.ps1
Targets
-
-
Target
b7151cb567790466a363e545251589008459b00c6a8a30dacad540aac09ce922
-
Size
34KB
-
MD5
2c8e68bed900a04069794647be857367
-
SHA1
b6fb06f193140dc93b8e2b2fc176ec2a7507ec71
-
SHA256
b7151cb567790466a363e545251589008459b00c6a8a30dacad540aac09ce922
-
SHA512
c62deaf9283c428a710ec5afa57f0d1730eb69f0ec3f8257fe14a3107f42876e2ff2800520e1f99fc3bdf9155af38cdb278d318df64feb21dc0c1e02c22d2297
-
SSDEEP
768:ZveWFwP+SKabAk0BuqCXlg+/fs5cClfZw2gmVXqA4LQYgO1mQQpSFeVAmcil:5SP+SKabAk0BuqCXlg+/fs5cClfZw2gQ
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Command and Scripting Interpreter: PowerShell
Run Powershell and hide display window.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-