General

  • Target: a7e3d9f74fff9b3fa43f0ebdc58d899a
  • Size: 36KB
  • Sample: 231219-1gfzhsghbn
  • MD5: a7e3d9f74fff9b3fa43f0ebdc58d899a
  • SHA1: f31ee6b8d04acac8f175b7aee11058df84a13857
  • SHA256: 1cd7a5cb322b9b94571a2f07415a76c3591449f196e5ad78cfc593803dcc2305
  • SHA512: a5209f2893dfa9e1feffbc174aff948c18d805973c67e4b3664c9889bb95211d3cac516024b26e8d486c22a864aa862b803e3f3960422e88159ed31c76582eb2
  • SSDEEP: 768:IPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJFTWh6Njhi:kok3hbdlylKsgqopeJBWhZFGkE+cL2N5

Score
10/10

Malware Config

Extracted

  • Language: xlm4.0
  • Source: xlm40.dropper
  • URLs:
    • xlm40.dropper: https://statedauto.com/wp-data.php
    • xlm40.dropper: https://markens.online/wp-data.php

Targets

  • Target: a7e3d9f74fff9b3fa43f0ebdc58d899a (details as listed under General)

    Score
    10/10

    Signatures

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
