f4b09d83334c8cc96428f02b523b0f577e0313c48803d79e630c92a0eafff35f | Triage

Sharing

General

Target

029159bef012deae30debda77b447322
Size

36KB
Sample

231219-mb6fbshebj
MD5

029159bef012deae30debda77b447322
SHA1

8b2942462fad0d3ba2ed0da15c52b8f4b480e4a7
SHA256

f4b09d83334c8cc96428f02b523b0f577e0313c48803d79e630c92a0eafff35f
SHA512

de5cad1718f8d63077bba6cccbcfd2da1b135f4603944e3aec3fb59ec78ac60d6831f78aa29b87fdced64bf21f5fbd4b70510a39346e86b7615698b9d8e0e32b
SSDEEP

768:JPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJOFMyWpfApefyP:Bok3hbdlylKsgqopeJBWhZFGkE+cL2NP

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://skill.fashion/wp-data.php

xlm40.dropper

https://syracuse.best/wp-data.php

Targets

- Target
  
  029159bef012deae30debda77b447322
- Size
  
  36KB
- MD5
  
  029159bef012deae30debda77b447322
- SHA1
  
  8b2942462fad0d3ba2ed0da15c52b8f4b480e4a7
- SHA256
  
  f4b09d83334c8cc96428f02b523b0f577e0313c48803d79e630c92a0eafff35f
- SHA512
  
  de5cad1718f8d63077bba6cccbcfd2da1b135f4603944e3aec3fb59ec78ac60d6831f78aa29b87fdced64bf21f5fbd4b70510a39346e86b7615698b9d8e0e32b
- SSDEEP
  
  768:JPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJOFMyWpfApefyP:Bok3hbdlylKsgqopeJBWhZFGkE+cL2NP
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2