General

  • Target

    3e61b6a9697c209952342ac1118fdc9492f06b515b54337cf3583816e91667ad

  • Size

    36KB

  • Sample

    230129-x27fesaf95

  • MD5

    7be7a30a9f9800ae8d6dffd95e773f27

  • SHA1

    15b8cd577e3663274754fc3dc0899bc4828a0933

  • SHA256

    3e61b6a9697c209952342ac1118fdc9492f06b515b54337cf3583816e91667ad

  • SHA512

    3358b572ea236c69f9afb69003a9125cee2b461bc96699c9e7e778fabdd25b0b73bebac3b1425f4f9821dd0253d4d40e6172b4aec5f7b67233b72918e3ceaa79

  • SSDEEP

    768:9PqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJ8yRc8lI2DBTjEc+:1ok3hbdlylKsgqopeJBWhZFGkE+cL2Nx

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://syracuse.best/wp-data.php

Targets

    • Target

      3e61b6a9697c209952342ac1118fdc9492f06b515b54337cf3583816e91667ad

    • Size

      36KB

    • MD5

      7be7a30a9f9800ae8d6dffd95e773f27

    • SHA1

      15b8cd577e3663274754fc3dc0899bc4828a0933

    • SHA256

      3e61b6a9697c209952342ac1118fdc9492f06b515b54337cf3583816e91667ad

    • SHA512

      3358b572ea236c69f9afb69003a9125cee2b461bc96699c9e7e778fabdd25b0b73bebac3b1425f4f9821dd0253d4d40e6172b4aec5f7b67233b72918e3ceaa79

    • SSDEEP

      768:9PqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJ8yRc8lI2DBTjEc+:1ok3hbdlylKsgqopeJBWhZFGkE+cL2Nx

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Modify Registry

1
T1112

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Tasks