General

  • Target

    SecuriteInfo.com.XF.AShadow.1000.5196.20073.xlsx

  • Size

    36KB

  • Sample

    230330-3kfh9shb8x

  • MD5

    e54f72b1de3e97efe28c97470d3b00f3

  • SHA1

    1eeed3b2fd10ff8f2b61237d23648e086fca677d

  • SHA256

    b916ee9ac5a31baa984fa1f21caa27f09e4441862a49de9173c5ee69866794c1

  • SHA512

    95a2359880fa090d93031cfe86788713007294ff01e996c3c03c7bf4e824b355f7a1056a1a4d3b3f51e5b0e40ec170439d99ea8b9cc216ba9fa862aee28209db

  • SSDEEP

    768:2PqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJ+Q+5hrCaI58tfC9HY:Kok3hbdlylKsgqopeJBWhZFGkE+cL2ND

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://statedauto.com/wp-data.php

xlm40.dropper

https://markens.online/wp-data.php

Targets

    • Target

      SecuriteInfo.com.XF.AShadow.1000.5196.20073.xlsx

    • Size

      36KB

    • MD5

      e54f72b1de3e97efe28c97470d3b00f3

    • SHA1

      1eeed3b2fd10ff8f2b61237d23648e086fca677d

    • SHA256

      b916ee9ac5a31baa984fa1f21caa27f09e4441862a49de9173c5ee69866794c1

    • SHA512

      95a2359880fa090d93031cfe86788713007294ff01e996c3c03c7bf4e824b355f7a1056a1a4d3b3f51e5b0e40ec170439d99ea8b9cc216ba9fa862aee28209db

    • SSDEEP

      768:2PqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJ+Q+5hrCaI58tfC9HY:Kok3hbdlylKsgqopeJBWhZFGkE+cL2ND

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Modify Registry

1
T1112

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Tasks