General

  • Target: 3e645d26dc93bde0940f77f306482cb89846233d443f9618e2355b17c6e9cf9d
  • Size: 36KB
  • Sample: 230129-x26h5acb5v
  • MD5: d27410ae8a23e37066d011c8ea75410c
  • SHA1: 4cdefca60b6c7e80813432b3c5d16f9dd50fc98e
  • SHA256: 3e645d26dc93bde0940f77f306482cb89846233d443f9618e2355b17c6e9cf9d
  • SHA512: ad3dac3ec43087636c2ef6c2653f22e27a846790c1e3f894f93403b43bd5259c8b9033119056eed3c55a160f050d88852e7ddb00db856be83be803a689fcfef5
  • SSDEEP: 768:RPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJYgcuVKpu5JSMiGC4:Zok3hbdlylKsgqopeJBWhZFGkE+cL2NM

Score: 10/10

Malware Config

Extracted

  • Language: xlm4.0
  • Source: xlm40.dropper
  • URLs: https://syracuse.best/wp-data.php

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic            Technique                      ID      Count
  Defense Evasion   Modify Registry                T1112   1
  Discovery         Query Registry                 T1012   2
  Discovery         System Information Discovery   T1082   2
