General

  • Target: 48acec301609bf1433b7becaef389a11b7b53ebfeaf75c2facaa208cbdad388f
  • Size: 36KB
  • Sample: 230129-x2331acb4y
  • MD5: 9e147c591e54dc70394322903070e834
  • SHA1: 24423ab4c9f27edc2b6f5118ab208005786e7c4a
  • SHA256: 48acec301609bf1433b7becaef389a11b7b53ebfeaf75c2facaa208cbdad388f
  • SHA512: e332b3a14ce620af36b506d99e838483d64600e251caf35b852fe930766d5dbb5dc64fc3a2f6c2f9c7b1258ca2191c7c61ccda04549a38f4399eafacb15df9e2
  • SSDEEP: 768:kPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJnfM3gh5c+D6/:Aok3hbdlylKsgqopeJBWhZFGkE+cL2NJ

Score
10/10

Malware Config

Extracted

  • Language: xlm4.0
  • Source: URLs

  xlm40.dropper  https://syracuse.best/wp-data.php
  xlm40.dropper  https://skill.fashion/wp-data.php

Targets

  • Target: 48acec301609bf1433b7becaef389a11b7b53ebfeaf75c2facaa208cbdad388f (hashes as listed under General above)

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix

  Columns (no techniques mapped in this report): Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation