General
-
Target
c5299de3be37f888ac3770138f01750a06b17a2957a53ac05de0704c22983689
-
Size
44KB
-
Sample
240705-1ecjbayeqa
-
MD5
c90eb6d9f5e009db82bb7472744a0fed
-
SHA1
626f281889960650bdb49062bcb711b0c4ddf84f
-
SHA256
c5299de3be37f888ac3770138f01750a06b17a2957a53ac05de0704c22983689
-
SHA512
b941f503d82e8057ca55010d5016c0e4446b730512da9d612844799b48a9657d3f1e1a2671e96f40ed43754ca195df9b159cb43fc46554b26dafbc6a248420fb
-
SSDEEP
768:Wetvo+ezRk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJwzzbWXuFlmQQcApJ9acn9ar:dwk3hbdlylKsgqopeJBWhZFGkE+cL2Np
Malware Config
Extracted
https://raw.githubusercontent.com/enigma0x3/Generate-Macro/master/Generate-Macro.ps1
Targets
-
-
Target
c5299de3be37f888ac3770138f01750a06b17a2957a53ac05de0704c22983689
-
Size
44KB
-
MD5
c90eb6d9f5e009db82bb7472744a0fed
-
SHA1
626f281889960650bdb49062bcb711b0c4ddf84f
-
SHA256
c5299de3be37f888ac3770138f01750a06b17a2957a53ac05de0704c22983689
-
SHA512
b941f503d82e8057ca55010d5016c0e4446b730512da9d612844799b48a9657d3f1e1a2671e96f40ed43754ca195df9b159cb43fc46554b26dafbc6a248420fb
-
SSDEEP
768:Wetvo+ezRk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJwzzbWXuFlmQQcApJ9acn9ar:dwk3hbdlylKsgqopeJBWhZFGkE+cL2Np
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Command and Scripting Interpreter: PowerShell
Run Powershell and hide display window.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-