Resubmissions

  • 11-04-2023 08:20, sample 230411-j8k9wada3w, score 10
  • 30-03-2023 23:34, sample 230330-3ke8hafh37, score 10

General

  • Target

    SecuriteInfo.com.XF.AShadow.1205.5155.21550.xlsx

  • Size

    36KB

  • Sample

    230411-j8k9wada3w

  • MD5

    754c2720bc293a551469a1119707d3b4

  • SHA1

    355629dd7b1a25fc12264b530be5c456d30a9ef7

  • SHA256

    934ebca653ff2a2f5b8d56536e90f90f353bb18c761cc5ca82fb72efe7cd4d93

  • SHA512

    9451d651675a1a58fadebb45e6325d56eb619067153ab0cc777b29ab27b989cf886ccfdc084c7bbd1caf6646ab853c81006441b59127e7476dfe035cbf9f34dd

  • SSDEEP

    768:xPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJxIE8cBImXmtG:5ok3hbdlylKsgqopeJBWhZFGkE+cL2NU

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source: xlm40.dropper

    URLs

    https://skill.fashion/wp-data.php

    https://syracuse.best/wp-data.php
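The two URLs above are the actionable output of the config extractor. The block below is an added example, not part of the sandbox report or the xlm40.dropper extractor: it derives host and path indicators from those URLs and hunts for them in web-proxy logs. The log line format (space separated: timestamp, client IP, method, URL, status) and the sample lines are constructed assumptions.

```python
"""
Added example (not from the sandbox report): turn the dropper URLs the report
extracted from the XLM 4.0 macro into hunting indicators and run them over
constructed web-proxy log lines. The log format and sample lines are assumed.
"""
from urllib.parse import urlsplit

# URLs exactly as listed in the report's extracted config.
DROPPER_URLS = [
    "https://skill.fashion/wp-data.php",
    "https://syracuse.best/wp-data.php",
]


def build_iocs(urls):
    """Split each URL into a host indicator and a path indicator.

    Matching on host and path separately still catches a retry over plain
    http:// or a request that appends a query string to the same path.
    """
    hosts, paths = set(), set()
    for u in urls:
        parts = urlsplit(u)
        hosts.add((parts.hostname or "").lower())
        paths.add(parts.path)
    return {"hosts": hosts, "paths": paths}


def parse_proxy_line(line):
    """Assumed format: '<ts> <client_ip> <method> <url> <status>'."""
    fields = line.split()
    if len(fields) != 5:
        return None  # skip malformed lines instead of crashing the hunt
    ts, client, method, url, status = fields
    return {"ts": ts, "client": client, "method": method, "url": url, "status": status}


def hunt(lines, iocs):
    """Return matching records, each tagged with how strong the match is.

    host+path : exact dropper endpoint
    host      : same C2/dropper host, different path
    path-only : /wp-data.php on an unrelated host; weak, report at low confidence
    """
    hits = []
    for line in lines:
        rec = parse_proxy_line(line)
        if rec is None:
            continue
        parts = urlsplit(rec["url"])
        host_hit = (parts.hostname or "").lower() in iocs["hosts"]
        path_hit = parts.path in iocs["paths"]
        if host_hit:
            rec["match"] = "host+path" if path_hit else "host"
        elif path_hit:
            rec["match"] = "path-only"
        else:
            continue
        hits.append(rec)
    return hits


# Constructed proxy log; not captured from the analysed sample.
PROXY_LOG = [
    "2023-04-11T08:21:03Z 10.0.0.15 GET https://skill.fashion/wp-data.php 200",
    "2023-04-11T08:21:04Z 10.0.0.15 GET http://syracuse.best/wp-data.php?x=1 404",
    "2023-04-11T08:22:10Z 10.0.0.22 GET https://example.com/index.html 200",
    "2023-04-11T08:23:55Z 10.0.0.31 POST https://blog.example.net/wp-data.php 200",
    "malformed line",
]

if __name__ == "__main__":
    for h in hunt(PROXY_LOG, build_iocs(DROPPER_URLS)):
        print(f"{h['match']:<10} {h['client']} {h['url']}")
```

Match on the host first: the dropper hosts are the strong indicator, while `/wp-data.php` alone is only a hint worth a second look, so the path-only tier is kept separate rather than folded into a single boolean.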

Targets

    • Target

      SecuriteInfo.com.XF.AShadow.1205.5155.21550.xlsx

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
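The signature above is a parent/child process heuristic: an Office document host should only ever launch a small set of helper processes, so anything else is treated as the document having run code. The block below is an added example, not the sandbox's own signature: it replays constructed process-creation events (field names modelled on Sysmon Event ID 1, an assumption) and flags children of Office hosts that are not on an allowlist. The allowlist, the high-risk list and the sample events are illustrative assumptions, not data from this report.

```python
"""
Added example (not from the sandbox report): a minimal implementation of the
"process spawned unexpected child process" heuristic. The Office host set, the
allowlist, the high-risk list and the sample events are assumptions.
"""
from dataclasses import dataclass
import ntpath

# Office document hosts whose children deserve scrutiny (assumed set).
OFFICE_HOSTS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}

# Children an Office host launches legitimately (assumed allowlist; tune per estate).
EXPECTED_CHILDREN = {"splwow64.exe", "werfault.exe", "dw20.exe", "msosync.exe"}

# LOLBins that macro droppers routinely hand off to; escalate when one appears.
HIGH_RISK_CHILDREN = {
    "cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe",
    "rundll32.exe", "regsvr32.exe", "certutil.exe", "msiexec.exe",
}


@dataclass
class ProcEvent:
    parent_image: str   # full path of the parent (Sysmon ParentImage)
    image: str          # full path of the new process (Sysmon Image)
    command_line: str   # Sysmon CommandLine


def _name(path: str) -> str:
    """Lower-cased file name; ntpath handles Windows separators on any OS."""
    return ntpath.basename(path).lower()


def classify(ev: ProcEvent):
    """Return an alert dict for a suspicious Office child, or None."""
    parent, child = _name(ev.parent_image), _name(ev.image)
    if parent not in OFFICE_HOSTS or child in EXPECTED_CHILDREN:
        return None
    severity = "high" if child in HIGH_RISK_CHILDREN else "medium"
    return {"parent": parent, "child": child, "severity": severity,
            "command_line": ev.command_line}


def detect(events):
    """Run the heuristic over a sequence of events and keep only the alerts."""
    return [a for a in (classify(e) for e in events) if a is not None]


# Constructed sample telemetry; not captured from the analysed sample.
SAMPLE_EVENTS = [
    ProcEvent(r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
              r"C:\Windows\splwow64.exe", "splwow64.exe 12288"),
    ProcEvent(r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
              r"C:\Windows\System32\regsvr32.exe",
              r"regsvr32 /s C:\Users\Public\payload.dll"),
    ProcEvent(r"C:\Windows\explorer.exe", r"C:\Windows\System32\cmd.exe", "cmd.exe"),
    ProcEvent(r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
              r"C:\Windows\System32\notepad.exe", "notepad.exe"),
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(f"[{alert['severity']}] {alert['parent']} -> {alert['child']}: "
              f"{alert['command_line']}")
```

The allowlist is the part that needs tuning in a real estate (printing and crash-reporting helpers vary by Office build), which is why unknown children are reported at medium severity instead of being dropped: a false positive there costs a triage look, a silent miss costs the incident.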

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112), 1 match
  • Discovery: Query Registry (T1012), 1 match
  • Discovery: System Information Discovery (T1082), 1 match
