7e22fed6489754b521766007eea105409884687927fbec0416151f40ce435a9b | Triage

Sharing

General

Target

7e22fed6489754b521766007eea105409884687927fbec0416151f40ce435a9b
Size

36KB
Sample

221130-ts4rdshh5x
MD5

0ed71fd84c1e02205efbe02b9e606946
SHA1

0d383ef3e04e3a678fbd2ecfc6863d93027627b9
SHA256

7e22fed6489754b521766007eea105409884687927fbec0416151f40ce435a9b
SHA512

fdfcaa9666d95bce8f51039020d3a0704584c27a14983c9e1bd852a7d58ee337dfc3da73027065e4c4f058bb60af6a6c8f7953911e4cbe240532499ed034e45e
SSDEEP

768:zPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJpQtl3HG/V9dw:rok3hbdlylKsgqopeJBWhZFGkE+cL2N7

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://markens.online/wp-data.php

xlm40.dropper

https://statedauto.com/wp-data.php

Targets

- Target
  
  7e22fed6489754b521766007eea105409884687927fbec0416151f40ce435a9b
- Size
  
  36KB
- MD5
  
  0ed71fd84c1e02205efbe02b9e606946
- SHA1
  
  0d383ef3e04e3a678fbd2ecfc6863d93027627b9
- SHA256
  
  7e22fed6489754b521766007eea105409884687927fbec0416151f40ce435a9b
- SHA512
  
  fdfcaa9666d95bce8f51039020d3a0704584c27a14983c9e1bd852a7d58ee337dfc3da73027065e4c4f058bb60af6a6c8f7953911e4cbe240532499ed034e45e
- SSDEEP
  
  768:zPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJpQtl3HG/V9dw:rok3hbdlylKsgqopeJBWhZFGkE+cL2N7
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2