Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

5cfb7502079d7642102cb08f21f538788a3a09b9c2c414a343aa92a2b759ec50
Size

36KB
Sample

230129-x226pscb4x
MD5

c02f3382253da7ea2432fe82db289978
SHA1

d4ee44d6c306f377e5e9473186473e1af4071d3c
SHA256

5cfb7502079d7642102cb08f21f538788a3a09b9c2c414a343aa92a2b759ec50
SHA512

39325c652bfd78de799cead50728b37c674c22df7f7ae5b238cfe543a88309219cc39a29591c8238673b3ba6e160979e9905c61579bd8f581d1c9cf836ea7fb8
SSDEEP

768:HPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJPxCPspNf9Pi8Vw200o:vok3hbdlylKsgqopeJBWhZFGkE+cL2NR

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://syracuse.best/wp-data.php

xlm40.dropper

https://skill.fashion/wp-data.php

Targets

- Target
  
  5cfb7502079d7642102cb08f21f538788a3a09b9c2c414a343aa92a2b759ec50
- Size
  
  36KB
- MD5
  
  c02f3382253da7ea2432fe82db289978
- SHA1
  
  d4ee44d6c306f377e5e9473186473e1af4071d3c
- SHA256
  
  5cfb7502079d7642102cb08f21f538788a3a09b9c2c414a343aa92a2b759ec50
- SHA512
  
  39325c652bfd78de799cead50728b37c674c22df7f7ae5b238cfe543a88309219cc39a29591c8238673b3ba6e160979e9905c61579bd8f581d1c9cf836ea7fb8
- SSDEEP
  
  768:HPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJPxCPspNf9Pi8Vw200o:vok3hbdlylKsgqopeJBWhZFGkE+cL2NR
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Modify Registry

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

behavioral2