40fc359d9e81dd32583766a1d1f66284d822ebc75a11b31c66b8da9271227d34 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

780f9b7ecc86bfc876c3a07b65bde39e
Size

36KB
Sample

240126-w2j5fsbgd9
MD5

780f9b7ecc86bfc876c3a07b65bde39e
SHA1

7b0ddf2ba49df2c9599d23468639fe53259de694
SHA256

40fc359d9e81dd32583766a1d1f66284d822ebc75a11b31c66b8da9271227d34
SHA512

bf26f5d1a8ad94a804b0588f8744c0ff08505a1dd803492499b3223c72e9edfa8cedbd10c0d653bd691d6e7105a1d37fc3a1d206650dd4290785ff4c7ddcb9fe
SSDEEP

768:JPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJzjskzjCICF:Bok3hbdlylKsgqopeJBWhZFGkE+cL2Nd

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://syracuse.best/wp-data.php

xlm40.dropper

https://skill.fashion/wp-data.php

Targets

- Target
  
  780f9b7ecc86bfc876c3a07b65bde39e
- Size
  
  36KB
- MD5
  
  780f9b7ecc86bfc876c3a07b65bde39e
- SHA1
  
  7b0ddf2ba49df2c9599d23468639fe53259de694
- SHA256
  
  40fc359d9e81dd32583766a1d1f66284d822ebc75a11b31c66b8da9271227d34
- SHA512
  
  bf26f5d1a8ad94a804b0588f8744c0ff08505a1dd803492499b3223c72e9edfa8cedbd10c0d653bd691d6e7105a1d37fc3a1d206650dd4290785ff4c7ddcb9fe
- SSDEEP
  
  768:JPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJzjskzjCICF:Bok3hbdlylKsgqopeJBWhZFGkE+cL2Nd
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2