General

  • Target

    7957c30533056ca10e5677488efab6d5

  • Size

    36KB

  • Sample

    231222-jaygjscbar

  • MD5

    7957c30533056ca10e5677488efab6d5

  • SHA1

    54ebb273b1e948fdd27a4e0b807a1c9d0f8512d6

  • SHA256

    7b714ab9347391c3ebcfa72f3af4bdf00dca997eecf10a91327ae20ca723d72f

  • SHA512

    e196cee92691de33c6ce64e255a2006a407681af6335c4066bddd0cad2ef89264facd7ef6564c75a01c5f2ae3c6b185c26d913b2aaa652173927cf95b24bf3e0

  • SSDEEP

    768:MPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJJ5PmTT6whIIb9YIs6zvPmPTu:Yok3hbdlylKsgqopeJBWhZFGkE+cL2N5

Score
10/10

Malware Config

Extracted

Language        xlm4.0

Source          URLs
xlm40.dropper   https://statedauto.com/wp-data.php
xlm40.dropper   https://markens.online/wp-data.php

Targets

    • Target

      7957c30533056ca10e5677488efab6d5

    • Size

      36KB

    • MD5

      7957c30533056ca10e5677488efab6d5

    • SHA1

      54ebb273b1e948fdd27a4e0b807a1c9d0f8512d6

    • SHA256

      7b714ab9347391c3ebcfa72f3af4bdf00dca997eecf10a91327ae20ca723d72f

    • SHA512

      e196cee92691de33c6ce64e255a2006a407681af6335c4066bddd0cad2ef89264facd7ef6564c75a01c5f2ae3c6b185c26d913b2aaa652173927cf95b24bf3e0

    • SSDEEP

      768:MPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJJ5PmTT6whIIb9YIs6zvPmPTu:Yok3hbdlylKsgqopeJBWhZFGkE+cL2N5

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks