General

  • Target

    096504811c78492132ac12b84ad2a6ee435ac882bd0a59bed69a1b10775edf37

  • Size

    83KB

  • Sample

    220113-2dpypachc5

  • MD5

    5683076d4912043d209e4456df72457c

  • SHA1

    2176256f3f12b3b3252334f58c656123a9d95178

  • SHA256

    096504811c78492132ac12b84ad2a6ee435ac882bd0a59bed69a1b10775edf37

  • SHA512

    ecec970884e861525a48fec9d50cf2d159e4aa81c382dce7a1903201e427f7ff4e1f3a909268c39e95f43f9f01e62f6721987d17664929e34c3df3df2e5e29ba

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    URLs

  • xlm40.dropper

    http://robotically.xyz/wp-content/XtKkx/

  • xlm40.dropper

    http://2.arthaloca.com/styles/dS5RNprosfCabLtYEwO/

  • xlm40.dropper

    https://notesculture.com/wp-includes/LuQtO3MiyJFFcF/

Extracted

  • Language

    xlm4.0

  • Source

    URLs

  • xlm40.dropper

    http://robotically.xyz/wp-content/XtKkx/

Targets

    • Target

      096504811c78492132ac12b84ad2a6ee435ac882bd0a59bed69a1b10775edf37

    • Size

      83KB

    • MD5

      5683076d4912043d209e4456df72457c

    • SHA1

      2176256f3f12b3b3252334f58c656123a9d95178

    • SHA256

      096504811c78492132ac12b84ad2a6ee435ac882bd0a59bed69a1b10775edf37

    • SHA512

      ecec970884e861525a48fec9d50cf2d159e4aa81c382dce7a1903201e427f7ff4e1f3a909268c39e95f43f9f01e62f6721987d17664929e34c3df3df2e5e29ba

    • Score

      10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks