ad222ffd5352918d4d7952a11d47f8d0a21e1e3452a22014fd167ade96593497 | Triage

Sharing

General

Target

5c1f66c0a55ea34a6910afd06aa69001
Size

35KB
Sample

240115-ezlrtsabh2
MD5

5c1f66c0a55ea34a6910afd06aa69001
SHA1

f769e6e5dd1281a202446037197a57e4a49e3aa6
SHA256

ad222ffd5352918d4d7952a11d47f8d0a21e1e3452a22014fd167ade96593497
SHA512

9acbb7b2c71619d68d9bfe12425917055f5910b622a22c7f3222fb9a854cddb0c66f1190a012701731b36a0fc17f146cff09b9b7bba5a34bb4467480d20c0f73
SSDEEP

768:jPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJKsQFMphloyQd8CHOPvXi:7ok3hbdlylKsgqopeJBWhZFGkE+cL2Np

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://syracuse.best/wp-data.php

xlm40.dropper

https://skill.fashion/wp-data.php

Targets

- Target
  
  5c1f66c0a55ea34a6910afd06aa69001
- Size
  
  35KB
- MD5
  
  5c1f66c0a55ea34a6910afd06aa69001
- SHA1
  
  f769e6e5dd1281a202446037197a57e4a49e3aa6
- SHA256
  
  ad222ffd5352918d4d7952a11d47f8d0a21e1e3452a22014fd167ade96593497
- SHA512
  
  9acbb7b2c71619d68d9bfe12425917055f5910b622a22c7f3222fb9a854cddb0c66f1190a012701731b36a0fc17f146cff09b9b7bba5a34bb4467480d20c0f73
- SSDEEP
  
  768:jPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJKsQFMphloyQd8CHOPvXi:7ok3hbdlylKsgqopeJBWhZFGkE+cL2Np
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2