951b18aa4f12e235e11d4620e8153a4b6e3faccdf217b7723eaebbef2b6c8b33 | Triage

Sharing

General

Target

951b18aa4f12e235e11d4620e8153a4b6e3faccdf217b7723eaebbef2b6c8b33
Size

36KB
Sample

230129-x2xafscb3x
MD5

5887df2e3efe39958c4d9645c8c0a840
SHA1

9fb4b74d4ff248a178b9451c61191e0d6f8c9159
SHA256

951b18aa4f12e235e11d4620e8153a4b6e3faccdf217b7723eaebbef2b6c8b33
SHA512

0c0c0fbbc3fa6f63014216f918000425e184db9979a6474217848fc233eaed0996c767bc4ecf5a5ce2e6f6b812334cf6cd4adef6662990442350fbf5a4ae1a56
SSDEEP

768:PPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJC/0zkorHDHeeTRiG+gh:nok3hbdlylKsgqopeJBWhZFGkE+cL2NU

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://statedauto.com/wp-data.php

xlm40.dropper

https://markens.online/wp-data.php

Targets

- Target
  
  951b18aa4f12e235e11d4620e8153a4b6e3faccdf217b7723eaebbef2b6c8b33
- Size
  
  36KB
- MD5
  
  5887df2e3efe39958c4d9645c8c0a840
- SHA1
  
  9fb4b74d4ff248a178b9451c61191e0d6f8c9159
- SHA256
  
  951b18aa4f12e235e11d4620e8153a4b6e3faccdf217b7723eaebbef2b6c8b33
- SHA512
  
  0c0c0fbbc3fa6f63014216f918000425e184db9979a6474217848fc233eaed0996c767bc4ecf5a5ce2e6f6b812334cf6cd4adef6662990442350fbf5a4ae1a56
- SSDEEP
  
  768:PPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJC/0zkorHDHeeTRiG+gh:nok3hbdlylKsgqopeJBWhZFGkE+cL2NU
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2