1a1aada722ddb436655f14df72ef92f66e900e92fc9d486164a2fa6e3bf89106 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

86e48b91574a6c5c45f07d74ae4efdd0.bin
Size

36KB
Sample

240203-b1b28sgcfr
MD5

86e48b91574a6c5c45f07d74ae4efdd0
SHA1

c902a5c215060f9b21eb23f54d45fd10f8761f86
SHA256

1a1aada722ddb436655f14df72ef92f66e900e92fc9d486164a2fa6e3bf89106
SHA512

20ce88b4507dd8bff82be9f7b166e41639b8fe840ca72b91b7669600e99e3d6c3bb43e58e72691a2f0dac00ba7b8d1c5173d569494ee95a678d74325769d1b0b
SSDEEP

768:OPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJ2xwWZ//wnDPVcQ15qHL:yok3hbdlylKsgqopeJBWhZFGkE+cL2Nb

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://statedauto.com/wp-data.php

Targets

- Target
  
  86e48b91574a6c5c45f07d74ae4efdd0.bin
- Size
  
  36KB
- MD5
  
  86e48b91574a6c5c45f07d74ae4efdd0
- SHA1
  
  c902a5c215060f9b21eb23f54d45fd10f8761f86
- SHA256
  
  1a1aada722ddb436655f14df72ef92f66e900e92fc9d486164a2fa6e3bf89106
- SHA512
  
  20ce88b4507dd8bff82be9f7b166e41639b8fe840ca72b91b7669600e99e3d6c3bb43e58e72691a2f0dac00ba7b8d1c5173d569494ee95a678d74325769d1b0b
- SSDEEP
  
  768:OPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJ2xwWZ//wnDPVcQ15qHL:yok3hbdlylKsgqopeJBWhZFGkE+cL2Nb
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2