34de6a9ae2b6d34554835085e57c8e3f69f23fab6b561e593087ba78e90e5a0b | Triage

Sharing

General

Target

0a4b467ce9043c1c6bef0e2ba3edacbf
Size

36KB
Sample

231230-b1p9vsbgcl
MD5

0a4b467ce9043c1c6bef0e2ba3edacbf
SHA1

29b67246bcc3b2aa17893dcd623a5728818612f3
SHA256

34de6a9ae2b6d34554835085e57c8e3f69f23fab6b561e593087ba78e90e5a0b
SHA512

ae4bee6b4170b517945c30ac0f14205bb05267fa3fc627cfbedac3bb0fdc14f6a77fb6a2c1037aea0f04b14251334595cce0eb121657a294431e31a8bd55f7da
SSDEEP

768:ZPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJ+v9CoxaGkLOV4n7yV:xok3hbdlylKsgqopeJBWhZFGkE+cL2N9

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://syracuse.best/wp-data.php

Targets

- Target
  
  0a4b467ce9043c1c6bef0e2ba3edacbf
- Size
  
  36KB
- MD5
  
  0a4b467ce9043c1c6bef0e2ba3edacbf
- SHA1
  
  29b67246bcc3b2aa17893dcd623a5728818612f3
- SHA256
  
  34de6a9ae2b6d34554835085e57c8e3f69f23fab6b561e593087ba78e90e5a0b
- SHA512
  
  ae4bee6b4170b517945c30ac0f14205bb05267fa3fc627cfbedac3bb0fdc14f6a77fb6a2c1037aea0f04b14251334595cce0eb121657a294431e31a8bd55f7da
- SSDEEP
  
  768:ZPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJ+v9CoxaGkLOV4n7yV:xok3hbdlylKsgqopeJBWhZFGkE+cL2N9
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2