deec7f174221d1159bdf98ec14ec452d62d8f12659b5e3e627e60d1f1a755eed | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1dec9d4bdadeff88d755cf369c524e52
Size

36KB
Sample

231225-pjk6gacdd7
MD5

1dec9d4bdadeff88d755cf369c524e52
SHA1

c4f094b9474649543392a9e2ded30c7a260e79d0
SHA256

deec7f174221d1159bdf98ec14ec452d62d8f12659b5e3e627e60d1f1a755eed
SHA512

9725ab6d1f397629dde0d011793c71f6f624151f58ff9cf33163c015aa46efc8cc9efee95fe6107b2f108e1ca5b7be5c8b057b2d07197395f5c6ba59328b7aba
SSDEEP

768:OPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJ8Jh3X2026Q3bQ+9uN:yok3hbdlylKsgqopeJBWhZFGkE+cL2Nt

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://statedauto.com/wp-data.php

xlm40.dropper

https://markens.online/wp-data.php

Targets

- Target
  
  1dec9d4bdadeff88d755cf369c524e52
- Size
  
  36KB
- MD5
  
  1dec9d4bdadeff88d755cf369c524e52
- SHA1
  
  c4f094b9474649543392a9e2ded30c7a260e79d0
- SHA256
  
  deec7f174221d1159bdf98ec14ec452d62d8f12659b5e3e627e60d1f1a755eed
- SHA512
  
  9725ab6d1f397629dde0d011793c71f6f624151f58ff9cf33163c015aa46efc8cc9efee95fe6107b2f108e1ca5b7be5c8b057b2d07197395f5c6ba59328b7aba
- SSDEEP
  
  768:OPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJ8Jh3X2026Q3bQ+9uN:yok3hbdlylKsgqopeJBWhZFGkE+cL2Nt
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2