General

  • Target

    e50f3fedf75cf2c7bad64bac64ebb0f5

  • Size

    36KB

  • Sample

    231220-tr5x3ahefn

  • MD5

    e50f3fedf75cf2c7bad64bac64ebb0f5

  • SHA1

    a7cd940d283090b301c50fcfbb080aa1803037f0

  • SHA256

    d235443ff87bae0d66b7899b400596926665baf86fcb9feb01fc0bead39c05fc

  • SHA512

    09a045a4be025f5c2e4e40acab952d52d33178f242ea4f88a0943ab0082a09d8c0c8ff29af3892b1fe46ca3b579c3c385fbca39567339e9e9758aaff272887ea

  • SSDEEP

    768:IPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJRkxGv1QEE68DK:kok3hbdlylKsgqopeJBWhZFGkE+cL2Nc

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    https://statedauto.com/wp-data.php
    https://markens.online/wp-data.php

Targets

    • Target

      e50f3fedf75cf2c7bad64bac64ebb0f5

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
