Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

3e645d26dc93bde0940f77f306482cb89846233d443f9618e2355b17c6e9cf9d
Size

36KB
Sample

230129-x26h5acb5v
MD5

d27410ae8a23e37066d011c8ea75410c
SHA1

4cdefca60b6c7e80813432b3c5d16f9dd50fc98e
SHA256

3e645d26dc93bde0940f77f306482cb89846233d443f9618e2355b17c6e9cf9d
SHA512

ad3dac3ec43087636c2ef6c2653f22e27a846790c1e3f894f93403b43bd5259c8b9033119056eed3c55a160f050d88852e7ddb00db856be83be803a689fcfef5
SSDEEP

768:RPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJYgcuVKpu5JSMiGC4:Zok3hbdlylKsgqopeJBWhZFGkE+cL2NM

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://syracuse.best/wp-data.php

Targets

- Target
  
  3e645d26dc93bde0940f77f306482cb89846233d443f9618e2355b17c6e9cf9d
- Size
  
  36KB
- MD5
  
  d27410ae8a23e37066d011c8ea75410c
- SHA1
  
  4cdefca60b6c7e80813432b3c5d16f9dd50fc98e
- SHA256
  
  3e645d26dc93bde0940f77f306482cb89846233d443f9618e2355b17c6e9cf9d
- SHA512
  
  ad3dac3ec43087636c2ef6c2653f22e27a846790c1e3f894f93403b43bd5259c8b9033119056eed3c55a160f050d88852e7ddb00db856be83be803a689fcfef5
- SSDEEP
  
  768:RPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJYgcuVKpu5JSMiGC4:Zok3hbdlylKsgqopeJBWhZFGkE+cL2NM
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Modify Registry

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

behavioral2