3a7c9efa418e79020a0bbc9c1a41878857804f4170457b1e9d763c03ea81e593 | Triage

Sharing

General

Target

00961b6e32b712b30d0850b0fcfcc109
Size

36KB
Sample

231219-l8zhlshgh4
MD5

00961b6e32b712b30d0850b0fcfcc109
SHA1

6d09fc1068a5646f8ca6ae8d27fca14e2e41fdf5
SHA256

3a7c9efa418e79020a0bbc9c1a41878857804f4170457b1e9d763c03ea81e593
SHA512

ab6d2cff3c91dbb444e181ea72db34008f2e02d017e58f479c8079743c87cab2b743967d45474e9315b197e092f69a24c9e2259774dcbf02ff1ce3f9e5344b2c
SSDEEP

768:IPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJchK4EYuEmOMK+0uJ9+EVROUEJ9:kok3hbdlylKsgqopeJBWhZFGkE+cL2N3

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://statedauto.com/wp-data.php

xlm40.dropper

https://markens.online/wp-data.php

Targets

- Target
  
  00961b6e32b712b30d0850b0fcfcc109
- Size
  
  36KB
- MD5
  
  00961b6e32b712b30d0850b0fcfcc109
- SHA1
  
  6d09fc1068a5646f8ca6ae8d27fca14e2e41fdf5
- SHA256
  
  3a7c9efa418e79020a0bbc9c1a41878857804f4170457b1e9d763c03ea81e593
- SHA512
  
  ab6d2cff3c91dbb444e181ea72db34008f2e02d017e58f479c8079743c87cab2b743967d45474e9315b197e092f69a24c9e2259774dcbf02ff1ce3f9e5344b2c
- SSDEEP
  
  768:IPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJchK4EYuEmOMK+0uJ9+EVROUEJ9:kok3hbdlylKsgqopeJBWhZFGkE+cL2N3
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2