8e9a497e4f0be8e69a5337f55771ff98841cd7b02b3edad7f34d31a0cafa936e | Triage

Sharing

General

Target

984f3f94ec87571743a3401b5b738600
Size

35KB
Sample

231219-zgvbgaahe4
MD5

984f3f94ec87571743a3401b5b738600
SHA1

8993fcf4403fb44facf1208909bb23d2fe4dd12e
SHA256

8e9a497e4f0be8e69a5337f55771ff98841cd7b02b3edad7f34d31a0cafa936e
SHA512

4af6c5d502a71b93ae7ed67cb0801f22317d249a5f8e7a2e58170dcfaf511ccd9effe45a1357e09843c581010a8b0aa193954a3b306f19e853d00f88c0278852
SSDEEP

768:KPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJY8+JOa5QKz9vA1s:eok3hbdlylKsgqopeJBWhZFGkE+cL2NL

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://statedauto.com/wp-data.php

xlm40.dropper

https://markens.online/wp-data.php

Targets

- Target
  
  984f3f94ec87571743a3401b5b738600
- Size
  
  35KB
- MD5
  
  984f3f94ec87571743a3401b5b738600
- SHA1
  
  8993fcf4403fb44facf1208909bb23d2fe4dd12e
- SHA256
  
  8e9a497e4f0be8e69a5337f55771ff98841cd7b02b3edad7f34d31a0cafa936e
- SHA512
  
  4af6c5d502a71b93ae7ed67cb0801f22317d249a5f8e7a2e58170dcfaf511ccd9effe45a1357e09843c581010a8b0aa193954a3b306f19e853d00f88c0278852
- SSDEEP
  
  768:KPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJY8+JOa5QKz9vA1s:eok3hbdlylKsgqopeJBWhZFGkE+cL2NL
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2