General

  • Target

    007c20517afab72e5c9ed96b468288d0

  • Size

    36KB

  • Sample

    231219-l8sp3agahp

  • MD5

    007c20517afab72e5c9ed96b468288d0

  • SHA1

    11dbcb86b6739805dc9203564ea0e293fa0a7223

  • SHA256

    ef39ad640943ff72b43a7e342d6759346a8b448f59b0099b54a5a9bcad837fd0

  • SHA512

    54793c759a2a1187a5f1fa9be5cc37867d35278a48a161dcc8fc99a059f1857b5235cc63d1198bb4ea82ba6d6953a0745d126cce5f7c185e44cf2592fc0a9266

  • SSDEEP

    768:gPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJCzMXSOfs4dQHY:sok3hbdlylKsgqopeJBWhZFGkE+cL2NC

Score
10/10

Malware Config

Extracted

  Language   Source          URLs
  xlm4.0     xlm40.dropper   https://statedauto.com/wp-data.php
             xlm40.dropper   https://markens.online/wp-data.php

Targets

    • Target

      007c20517afab72e5c9ed96b468288d0

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks