General

  • Target: b7e0caa64e3559a41a729f2e7b2b741f
  • Size: 37KB
  • Sample: 231222-rfkrmsfdbk
  • MD5: b7e0caa64e3559a41a729f2e7b2b741f
  • SHA1: 0855ee68c4e75166dc970c5a43de62719dc78fb1
  • SHA256: 513daa992942419e9cd2b9d140a8e0f73872f1c215a7397e29fd7f10cffb38e8
  • SHA512: 619964fa33c3be8b883ae16d68744ddf627e29570cc90d52e52fa98ed1a662c36448d7a5ce7386c8554ab82489870020c716937ee9288580d28a4935097d0a4c
  • SSDEEP: 768:8PqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJK57W5665iVX0TRl:ook3hbdlylKsgqopeJBWhZFGkE+cL2N4

Score
10/10

Malware Config

Extracted

Language: xlm4.0

Source          URLs
xlm40.dropper   https://statedauto.com/wp-data.php
xlm40.dropper   https://markens.online/wp-data.php

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks