fbfad2cf60449c52500dfc006d6440d318826e2ba2b5613942b2a0484697e65a | Triage

Sharing

General

Target

d755319b5d25ea946be2e03aee9aa2d1
Size

36KB
Sample

231220-st87tsfbfj
MD5

d755319b5d25ea946be2e03aee9aa2d1
SHA1

7a90b386eabd634bb3fdd416fbb3633705bfb492
SHA256

fbfad2cf60449c52500dfc006d6440d318826e2ba2b5613942b2a0484697e65a
SHA512

2357c5df0251de9ddb144334ec4176e0ce51e01c2ebe74731c5b487bf6d5b4996e6a685de06f3fbe7d0b225011b95c27c9d6811790b24fba471e255717dafd6b
SSDEEP

768:EPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJHgeolQPJ1DU1dDCGo:gok3hbdlylKsgqopeJBWhZFGkE+cL2NW

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://markens.online/wp-data.php

xlm40.dropper

https://statedauto.com/wp-data.php

Targets

- Target
  
  d755319b5d25ea946be2e03aee9aa2d1
- Size
  
  36KB
- MD5
  
  d755319b5d25ea946be2e03aee9aa2d1
- SHA1
  
  7a90b386eabd634bb3fdd416fbb3633705bfb492
- SHA256
  
  fbfad2cf60449c52500dfc006d6440d318826e2ba2b5613942b2a0484697e65a
- SHA512
  
  2357c5df0251de9ddb144334ec4176e0ce51e01c2ebe74731c5b487bf6d5b4996e6a685de06f3fbe7d0b225011b95c27c9d6811790b24fba471e255717dafd6b
- SSDEEP
  
  768:EPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJHgeolQPJ1DU1dDCGo:gok3hbdlylKsgqopeJBWhZFGkE+cL2NW
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2