General

  • Target

    fdfd67c1ae72f0822d746039a7157604

  • Size

    36KB

  • Sample

    231220-wg9vdacchq

  • MD5

    fdfd67c1ae72f0822d746039a7157604

  • SHA1

    b80aa634a6441c563f0b7d7e6d204628a1c185ba

  • SHA256

    7be4f9e5e36adebce5ce97311efe422a65af9e501de522fa63fb9deb2a261007

  • SHA512

    2bd5a1006de842300b9c836debbdf58be0d8845aaa6737a9679b3e9302de0553522093aa5a1897c6a371369995c2a9864ce70ab3acafacd113da629ac96b5f39

  • SSDEEP

    768:nPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJWFUDoiXwMNPPbE:Pok3hbdlylKsgqopeJBWhZFGkE+cL2Nn

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source / URLs

    xlm40.dropper: https://statedauto.com/wp-data.php

    xlm40.dropper: https://markens.online/wp-data.php

Targets

    • Target

      fdfd67c1ae72f0822d746039a7157604

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks