General
Target: 31b4be1cc02d1b5a2c9de1ccac2fb4063d7d9cc3692bd1449f7d4477a3ced147
Size: 36KB
Sample: 230129-x28cqacb5y
MD5: be42208b9b4852b7787910c984672e48
SHA1: 8a842fcafbb7c35c9d390064d9031f8481aa8b4f
SHA256: 31b4be1cc02d1b5a2c9de1ccac2fb4063d7d9cc3692bd1449f7d4477a3ced147
SHA512: 49d12fe027dec967c6f608fe5e8bbf9c5f990634270fc87fe5e39ba043f4ad1b654f6d6d136e1b031041d433643661b891c9ee4b37ed9449f88238649ba633d4
SSDEEP: 768:cPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJ0o6y2J6tXJzT:Iok3hbdlylKsgqopeJBWhZFGkE+cL2Ny
Behavioral task: behavioral1
Sample: 31b4be1cc02d1b5a2c9de1ccac2fb4063d7d9cc3692bd1449f7d4477a3ced147.xls
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: 31b4be1cc02d1b5a2c9de1ccac2fb4063d7d9cc3692bd1449f7d4477a3ced147.xls
Resource: win10v2004-20220812-en
Malware Config
Extracted URLs:
https://statedauto.com/wp-data.php
https://markens.online/wp-data.php
Targets
Target: 31b4be1cc02d1b5a2c9de1ccac2fb4063d7d9cc3692bd1449f7d4477a3ced147
Size: 36KB
MD5: be42208b9b4852b7787910c984672e48
SHA1: 8a842fcafbb7c35c9d390064d9031f8481aa8b4f
SHA256: 31b4be1cc02d1b5a2c9de1ccac2fb4063d7d9cc3692bd1449f7d4477a3ced147
SHA512: 49d12fe027dec967c6f608fe5e8bbf9c5f990634270fc87fe5e39ba043f4ad1b654f6d6d136e1b031041d433643661b891c9ee4b37ed9449f88238649ba633d4
SSDEEP: 768:cPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJ0o6y2J6tXJzT:Iok3hbdlylKsgqopeJBWhZFGkE+cL2Ny
Score: 10/10
Process spawned unexpected child process. This typically indicates the parent process was compromised via an exploit or a macro; for an .xls sample detonated in the sandbox, the parent is the Excel process that opened the document.
Drops file in System32 directory.
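Detection logic for the two behaviours flagged above (an Office process spawning an unexpected child, and a file dropped under System32) together with a match on the extracted C2 hosts, as an added example that is not part of the sandbox report or the sandbox vendor's tooling. It runs over constructed Sysmon-style events embedded in the block: the Office install path, the cmd.exe child, the dropped file name and the benign events are hypothetical and are not taken from this sample's run; only the two URLs come from the report's Malware Config section.

```python
"""Triage pass over process, file and network telemetry.

Added example; the events in SAMPLE_EVENTS are constructed for illustration
and do not describe what this sample actually did in the sandbox.
"""
from urllib.parse import urlparse

# Taken from the report's "Malware Config / Extracted" section.
EXTRACTED_URLS = [
    "https://statedauto.com/wp-data.php",
    "https://markens.online/wp-data.php",
]
# Match on hostname rather than full URL: the path can change, the C2 host rarely does.
C2_HOSTS = {urlparse(u).hostname.lower() for u in EXTRACTED_URLS}

OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}
# Children an Office document never needs; the usual vehicles for macro/exploit payloads.
SUSPICIOUS_CHILDREN = {
    "cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "regsvr32.exe", "rundll32.exe", "certutil.exe", "bitsadmin.exe",
    "msiexec.exe", "schtasks.exe", "wmic.exe",
}
SYSTEM32 = "c:\\windows\\system32\\"


def basename(path: str) -> str:
    """Lower-cased file name from a Windows (or POSIX) path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def check_event(ev: dict):
    """Return an alert string for one event, or None when nothing matched."""
    kind = ev["EventType"]
    image = basename(ev.get("Image", ""))
    if kind == "ProcessCreate":
        parent = basename(ev.get("ParentImage", ""))
        if parent in OFFICE_PARENTS and image in SUSPICIOUS_CHILDREN:
            return f"office-child: {parent} spawned {image}"
    elif kind == "FileCreate":
        target = ev.get("TargetFilename", "").lower()
        if image in OFFICE_PARENTS and target.startswith(SYSTEM32):
            return f"system32-drop: {image} wrote {ev['TargetFilename']}"
    elif kind == "NetworkConnect":
        host = (ev.get("DestinationHostname") or "").lower().rstrip(".")
        if host in C2_HOSTS:
            return f"c2-contact: {image} connected to {host}"
    return None


def triage(events):
    """Run every event through check_event and keep the alerts, in order."""
    return [alert for alert in (check_event(e) for e in events) if alert]


# Constructed telemetry. Paths and file names are hypothetical.
OFFICE_PATH = r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"
SAMPLE_EVENTS = [
    # Benign: the user opens Excel from the shell.
    {"EventType": "ProcessCreate", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": OFFICE_PATH},
    # Excel spawning a shell: the "unexpected child process" signature.
    {"EventType": "ProcessCreate", "ParentImage": OFFICE_PATH,
     "Image": r"C:\Windows\System32\cmd.exe"},
    # Excel writing into System32: the "drops file in System32" signature.
    {"EventType": "FileCreate", "Image": OFFICE_PATH,
     "TargetFilename": r"C:\Windows\System32\dropped_example.dll"},
    # Excel contacting one of the extracted hosts.
    {"EventType": "NetworkConnect", "Image": OFFICE_PATH,
     "DestinationHostname": "markens.online"},
    # Benign background traffic that must not alert.
    {"EventType": "NetworkConnect", "Image": r"C:\Windows\System32\svchost.exe",
     "DestinationHostname": "example.com"},
]

if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(alert)
```

The three checks are deliberately independent so that any one of them firing is enough to pull the host for review; in real telemetry, the parent/child check should be keyed on Sysmon Event ID 1 (ParentImage/Image), the drop on Event ID 11 (TargetFilename) and the C2 match on Event ID 22 or 3, with the host list refreshed from the report's extracted configuration rather than hard-coded.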
MITRE ATT&CK Matrix
Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation. No techniques are listed under any column on this page.