General

  • Target

    1a5f49d60889b9f27ab375297acc7846

  • Size

    36KB

  • Sample

    231221-2qznnafccq

  • MD5

    1a5f49d60889b9f27ab375297acc7846

  • SHA1

    d090e9dbafd621621d9b89d7936b7036f0006d00

  • SHA256

    028a360c1966a2b469e3d928f6fcdf033965db2cccaaf4bb82c3459e287fd082

  • SHA512

    f9fe15c7730745788199cee3c915117f279036fa3f7fb5b5d2400ccc98101ed15af11dca6f2e91ad5573264e2c98555a932ec27b7a8ceb649b5410bc14c43a3f

  • SSDEEP

    768:MPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJ5tvOeThMUXsrlNWNtu:Yok3hbdlylKsgqopeJBWhZFGkE+cL2NH

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    https://statedauto.com/wp-data.php
    https://markens.online/wp-data.php

Targets

    • Target

      1a5f49d60889b9f27ab375297acc7846

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks