930aa44813720d859563dae510deb7c3e72e9a92de3bb57b3b4d3b5b885ff00b | Triage

Sharing

General

Target

930aa44813720d859563dae510deb7c3e72e9a92de3bb57b3b4d3b5b885ff00b
Size

36KB
Sample

230129-x2xk8acb3y
MD5

31c0da3948583c2435e599f94b8900c1
SHA1

aee1da09649da6b2124b3efc7a37cb0ece4b05b0
SHA256

930aa44813720d859563dae510deb7c3e72e9a92de3bb57b3b4d3b5b885ff00b
SHA512

ce0979707e3e320e7a86129640daae9d207758d005e15f044198c06e0a9665f260ceee0f205fff376d82570e065436aa032144471d0c14f645b3fa8c5338021c
SSDEEP

768:+PqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJhTbDPux7XxGIMgqf+VsY:Cok3hbdlylKsgqopeJBWhZFGkE+cL2Nz

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://statedauto.com/wp-data.php

xlm40.dropper

https://markens.online/wp-data.php

Targets

- Target
  
  930aa44813720d859563dae510deb7c3e72e9a92de3bb57b3b4d3b5b885ff00b
- Size
  
  36KB
- MD5
  
  31c0da3948583c2435e599f94b8900c1
- SHA1
  
  aee1da09649da6b2124b3efc7a37cb0ece4b05b0
- SHA256
  
  930aa44813720d859563dae510deb7c3e72e9a92de3bb57b3b4d3b5b885ff00b
- SHA512
  
  ce0979707e3e320e7a86129640daae9d207758d005e15f044198c06e0a9665f260ceee0f205fff376d82570e065436aa032144471d0c14f645b3fa8c5338021c
- SSDEEP
  
  768:+PqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJhTbDPux7XxGIMgqf+VsY:Cok3hbdlylKsgqopeJBWhZFGkE+cL2Nz
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2