General

  • Target

    ba5e1a4c199439c97493890a283585a5

  • Size

    36KB

  • Sample

    231222-rhxh8agaer

  • MD5

    ba5e1a4c199439c97493890a283585a5

  • SHA1

    5b6d59ffdc0557f72a174b66816959ee453a203b

  • SHA256

    ce06c78445dad53aae32af47141e2647759509c3437a9eb6516b890feaab448a

  • SHA512

    b6ac471f6e1c5292d471ba65d39d52d395fa839870e654103579c237214c5f7763a67fe55626070f8a7157d38458c87576c5b025ff840cb28cd301daceb41063

  • SSDEEP

    768:IPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJkH1YYDNSmv:kok3hbdlylKsgqopeJBWhZFGkE+cL2NV

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    URLs (xlm40.dropper)

    https://statedauto.com/wp-data.php
    https://markens.online/wp-data.php

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or a macro; for an XLM 4.0 (Excel 4.0 macro) dropper the parent is the Office application that opened the document.

    • Blocklisted process makes network request
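The two signatures above are the sandbox's own verdicts on this run. As an added example (not part of this report and not the sandbox's detection code), the following Python applies the same two checks to constructed Sysmon-style telemetry: an Office parent starting a child that is not on an allowlist, and any process connecting to a host taken from the extracted dropper URLs. The Office parent set, the expected-children allowlist and every event in SAMPLE_EVENTS are assumptions made for the example; the page does not say which child process this sample launched.

```python
"""Detection logic for the two behaviours flagged in the report.

Example code, not from the report or the sandbox. The events below are
constructed Sysmon-style records (event 1 = process create, event 3 =
network connection); they are not telemetry from this sample's run.
"""
from __future__ import annotations

from dataclasses import dataclass
from urllib.parse import urlsplit

# Hosts derived from the URLs in the extracted config on this page.
DROPPER_URLS = [
    "https://statedauto.com/wp-data.php",
    "https://markens.online/wp-data.php",
]
BLOCKLISTED_HOSTS = {urlsplit(u).hostname.lower() for u in DROPPER_URLS}

# Assumption: Office binaries whose children we want to scrutinise.
OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe"}
# Assumption: children Office starts for legitimate reasons (tune per estate).
EXPECTED_CHILDREN = {"splwow64.exe", "dw20.exe", "werfault.exe"}


@dataclass
class Event:
    event_id: int              # 1 = process create, 3 = network connection
    image: str                 # full path of the acting process
    parent_image: str = ""     # only meaningful for event_id == 1
    command_line: str = ""
    dest_host: str = ""        # only meaningful for event_id == 3


def _basename(path: str) -> str:
    """Return the lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def unexpected_office_children(events: list[Event]) -> list[Event]:
    """Process-create events where an Office app started a child
    that is not on the expected-children allowlist."""
    hits = []
    for e in events:
        if e.event_id != 1:
            continue
        if (_basename(e.parent_image) in OFFICE_PARENTS
                and _basename(e.image) not in EXPECTED_CHILDREN):
            hits.append(e)
    return hits


def blocklisted_network_requests(events: list[Event],
                                 hosts: set[str] = BLOCKLISTED_HOSTS) -> list[Event]:
    """Network-connection events whose destination host is on the blocklist."""
    return [e for e in events
            if e.event_id == 3 and e.dest_host.lower() in hosts]


# Constructed sample telemetry (hypothetical; not from this sample).
SAMPLE_EVENTS = [
    Event(1, r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
          r"C:\Windows\explorer.exe", "EXCEL.EXE invoice.xls"),
    # Benign: the print-spooler helper Excel starts when printing.
    Event(1, r"C:\Windows\splwow64.exe",
          r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
          "splwow64.exe 12288"),
    # Hypothetical macro-launched child; chosen for the example only.
    Event(1, r"C:\Windows\System32\rundll32.exe",
          r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
          r"rundll32.exe C:\Users\Public\x.dll,DllRegisterServer"),
    Event(3, r"C:\Windows\System32\rundll32.exe", dest_host="markens.online"),
    Event(3, r"C:\Program Files\Mozilla Firefox\firefox.exe", dest_host="example.org"),
]


def triage(events: list[Event]) -> dict[str, list[str]]:
    """Summarise both checks as the report does: signature name -> offending images."""
    return {
        "Process spawned unexpected child process":
            [_basename(e.image) for e in unexpected_office_children(events)],
        "Blocklisted process makes network request":
            [f"{_basename(e.image)} -> {e.dest_host}"
             for e in blocklisted_network_requests(events)],
    }


if __name__ == "__main__":
    for sig, hits in triage(SAMPLE_EVENTS).items():
        print(f"{sig}: {hits}")
```

Matching on the destination host rather than the full URL is deliberate: the path `wp-data.php` is trivially changed between campaigns, while the compromised WordPress hosts tend to be reused for longer, and TLS telemetry usually exposes only the SNI/host anyway.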

MITRE ATT&CK Enterprise v15