General

  • Target

    01d2bcd9bf0298f75aeb0a92297cde5e

  • Size

    36KB

  • Sample

    231219-mazamaghhl

  • MD5

    01d2bcd9bf0298f75aeb0a92297cde5e

  • SHA1

    9800cb48ace647854cb43097cb9d6b727e474942

  • SHA256

    d99296b6e5da9bd84687cfbe8851302f68d366117c1251ce7b2a841113827726

  • SHA512

    d33737c7da8cf19a0635c315aff7d9f7fc6476e1334f08084be41724c36ab30f4a981f08a829572d2a4eadf30b4dfde157da50f2e3da3f05d2295d5245cb4bc4

  • SSDEEP

    768:EPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJz4pAi9qf/I3dTrK:gok3hbdlylKsgqopeJBWhZFGkE+cL2N6

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source / URL

    xlm40.dropper    https://statedauto.com/wp-data.php
    xlm40.dropper    https://markens.online/wp-data.php

Targets

    • Target

      01d2bcd9bf0298f75aeb0a92297cde5e

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
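
The two signatures above can be reproduced from endpoint process and network telemetry. The block below is an added example written for this page, not Triage's own detection code: it parses a constructed, simplified event log (one process-creation or network event per line), flags an Office host spawning a child outside an allowlist, and flags a blocklisted child that makes a network request, tagging requests that hit the two dropper URLs from the extracted config. The Office parent names, the expected-child allowlist, the child blocklist and the event format are assumptions chosen for the example; the `regsvr32.exe` child and the `officecdn.microsoft.com` request in the sample log are constructed, not taken from the report.

```python
"""Replay the report's two behavioural signatures over constructed telemetry.

Added example for this page; the event format and process lists are assumptions,
only the two wp-data.php URLs come from the extracted xlm40.dropper config.
"""
import re
from dataclasses import dataclass
from typing import Iterable

# URLs from the extracted config on this page.
DROPPER_URLS = {
    "https://statedauto.com/wp-data.php",
    "https://markens.online/wp-data.php",
}

# Assumptions (not from the report): Office hosts whose child processes we
# inspect, helpers they legitimately spawn, and children typical of macro
# droppers that should never talk to the network from under an Office parent.
OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe"}
EXPECTED_OFFICE_CHILDREN = {"splwow64.exe", "dw20.exe", "dwwin.exe"}
BLOCKLISTED_CHILDREN = {
    "regsvr32.exe", "rundll32.exe", "mshta.exe", "wscript.exe",
    "cscript.exe", "powershell.exe", "cmd.exe", "certutil.exe",
}

# Constructed sample events (sysmon-like, simplified). The image path is the
# last field on a proc line, so it may contain spaces.
SAMPLE_EVENTS = r"""
proc pid=4120 ppid=3004 image=C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
proc pid=4188 ppid=4120 image=C:\Windows\System32\regsvr32.exe
net pid=4188 dst=statedauto.com:443 url=https://statedauto.com/wp-data.php
net pid=4120 dst=officecdn.microsoft.com:443 url=https://officecdn.microsoft.com/pr/ping
proc pid=4200 ppid=4120 image=C:\Windows\splwow64.exe
net pid=4188 dst=markens.online:443 url=https://markens.online/wp-data.php
"""

PROC_RE = re.compile(r"^proc pid=(\d+) ppid=(\d+) image=(.+)$")
NET_RE = re.compile(r"^net pid=(\d+) dst=(\S+) url=(\S+)$")

SIG_UNEXPECTED_CHILD = "Process spawned unexpected child process"
SIG_BLOCKLISTED_NET = "Blocklisted process makes network request"


@dataclass
class Alert:
    signature: str
    pid: int
    detail: str


def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect(lines: Iterable[str]) -> list[Alert]:
    """Walk the events in order, tracking pid -> image so that network events
    can be attributed to the process that created them."""
    images: dict[int, str] = {}
    alerts: list[Alert] = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = PROC_RE.match(line)
        if m:
            pid, ppid, image = int(m[1]), int(m[2]), basename(m[3])
            images[pid] = image
            parent = images.get(ppid)
            # Signature 1: Office host spawns something outside its allowlist.
            if parent in OFFICE_PARENTS and image not in EXPECTED_OFFICE_CHILDREN:
                alerts.append(Alert(SIG_UNEXPECTED_CHILD, pid, f"{parent} -> {image}"))
            continue
        m = NET_RE.match(line)
        if m:
            pid, url = int(m[1]), m[3]
            image = images.get(pid, "<unknown>")
            # Signature 2: a blocklisted binary reaches out to the network.
            if image in BLOCKLISTED_CHILDREN:
                tag = " (known dropper URL)" if url in DROPPER_URLS else ""
                alerts.append(Alert(SIG_BLOCKLISTED_NET, pid, f"{image} -> {url}{tag}"))
    return alerts


def summarize(alerts: list[Alert]) -> dict[str, int]:
    """Count alerts per signature, the shape a report's signature list shows."""
    counts: dict[str, int] = {}
    for a in alerts:
        counts[a.signature] = counts.get(a.signature, 0) + 1
    return counts


if __name__ == "__main__":
    found = detect(SAMPLE_EVENTS.splitlines())
    for a in found:
        print(f"[{a.signature}] pid={a.pid} {a.detail}")
    print(summarize(found))
```

On the sample log the legitimate `splwow64.exe` child and Excel's own CDN request produce nothing, while the `regsvr32.exe` child triggers the first signature once and the second signature twice, once per dropper URL; the process map must be built from the same event stream, because a network event carries only a pid.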

MITRE ATT&CK Enterprise v15

Tasks