ef3454616bd7522f3a54b5c0829cbcb6259980693b7cf4cd4a20b7f160b5fb09 | Triage

Sharing

General

Target

aadccb444167c87021c0c4a6bef7412d
Size

36KB
Sample

231219-1mfwpsaedl
MD5

aadccb444167c87021c0c4a6bef7412d
SHA1

5613ba646c007bb5b24009295cc6247f4365fec2
SHA256

ef3454616bd7522f3a54b5c0829cbcb6259980693b7cf4cd4a20b7f160b5fb09
SHA512

b9a53130c106c0f627f085eba9c54272dc705b552d3ee51873398ac2ca1bb89506da31a75bbcf5a0f496e8acf9e99ec75344b2c6c55ef7e3bd81f7ef9b196ef1
SSDEEP

768:8PqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJK7nXCH2jtEqk7EsEgje+:ook3hbdlylKsgqopeJBWhZFGkE+cL2NA

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://statedauto.com/wp-data.php

xlm40.dropper

https://markens.online/wp-data.php

Targets

- Target
  
  aadccb444167c87021c0c4a6bef7412d
- Size
  
  36KB
- MD5
  
  aadccb444167c87021c0c4a6bef7412d
- SHA1
  
  5613ba646c007bb5b24009295cc6247f4365fec2
- SHA256
  
  ef3454616bd7522f3a54b5c0829cbcb6259980693b7cf4cd4a20b7f160b5fb09
- SHA512
  
  b9a53130c106c0f627f085eba9c54272dc705b552d3ee51873398ac2ca1bb89506da31a75bbcf5a0f496e8acf9e99ec75344b2c6c55ef7e3bd81f7ef9b196ef1
- SSDEEP
  
  768:8PqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJK7nXCH2jtEqk7EsEgje+:ook3hbdlylKsgqopeJBWhZFGkE+cL2NA
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2