General

  • Target

    bd05d3bbdb3a5f1090c3addabc1c645a

  • Size

    36KB

  • Sample

    231222-rlfpwagghm

  • MD5

    bd05d3bbdb3a5f1090c3addabc1c645a

  • SHA1

    77a4fd0f2fe2322c499b36cf90c96477b56ae8e4

  • SHA256

    fe489fc40933ce3972f124eb3b8186d38a149fbbeaa96182b6e69e0ce0722b65

  • SHA512

    a864dde9a1ab03875d920dbc402f66af9147ce982f1ca7309a838738b4875c6cc791295b53d123983ba94e74ddde7b4f2abd145b37a29a4e2b4e2589635f9373

  • SSDEEP

    768:vPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJSR9pq8Sssxu9PFu:Hok3hbdlylKsgqopeJBWhZFGkE+cL2NM

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://syracuse.best/wp-data.php

xlm40.dropper

https://skill.fashion/wp-data.php

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
