General

  • Target

    a0e49757c567ebf1cb254dec9318cc88

  • Size

    36KB

  • Sample

    240224-ekjzpahd71

  • MD5

    a0e49757c567ebf1cb254dec9318cc88

  • SHA1

    72cbeb30c8dd8db4233efe46e4540b5851a9439e

  • SHA256

    90ed189bd6c90e7d904bda28717f25cf7483879b27dc872c82d51c53f441c962

  • SHA512

    b98d9b0aa22920a43cfd6313e45e402494eea417bda1ae5082d4e7629c5ab2e4f69466b38fdbf202dd56da9d88f53515e229a56180ff693188d92ea6c67c9223

  • SSDEEP

    768:KPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJuertdcmUkqqolFmw:eok3hbdlylKsgqopeJBWhZFGkE+cL2Nx

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    https://statedauto.com/wp-data.php

    https://markens.online/wp-data.php

Targets

    • Target

      a0e49757c567ebf1cb254dec9318cc88

    • Size

      36KB

    • MD5

      a0e49757c567ebf1cb254dec9318cc88

    • SHA1

      72cbeb30c8dd8db4233efe46e4540b5851a9439e

    • SHA256

      90ed189bd6c90e7d904bda28717f25cf7483879b27dc872c82d51c53f441c962

    • SHA512

      b98d9b0aa22920a43cfd6313e45e402494eea417bda1ae5082d4e7629c5ab2e4f69466b38fdbf202dd56da9d88f53515e229a56180ff693188d92ea6c67c9223

    • SSDEEP

      768:KPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJuertdcmUkqqolFmw:eok3hbdlylKsgqopeJBWhZFGkE+cL2Nx

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
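
The two behavioural signatures above, and the dropper URLs in the extracted config, can be turned into endpoint detection logic. The following is an added example, not part of the sandbox report: it runs both checks over constructed Sysmon-style process-creation and network-connection events. The event field names, the Office parent list, the suspicious child list and the blocklisted-process list are assumptions for illustration; only the two dropper URLs come from the report.

```python
"""Detection logic for the two signatures in this report, run over constructed
process/network events (added example, not part of the sandbox report).

Assumed for illustration (not from the report): the event dict format, the
Office parent set, the suspicious child set and the blocklisted-process set.
"""
from urllib.parse import urlparse

# Dropper URLs taken from the report's extracted xlm40.dropper config.
KNOWN_DROPPER_URLS = {
    "https://statedauto.com/wp-data.php",
    "https://markens.online/wp-data.php",
}
KNOWN_DROPPER_HOSTS = {urlparse(u).hostname for u in KNOWN_DROPPER_URLS}

# Assumed lists (not from the report).
OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe"}
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                       "mshta.exe", "regsvr32.exe", "rundll32.exe", "certutil.exe"}
BLOCKLISTED_NET_PROCS = {"excel.exe", "winword.exe", "powerpnt.exe", "regsvr32.exe",
                         "rundll32.exe", "mshta.exe", "certutil.exe"}


def image_name(path: str) -> str:
    """Return the lower-cased file name of a Windows image path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def detect(events):
    """Return a list of findings; each is a dict with signature, pid and detail."""
    findings = []
    for ev in events:
        if ev["type"] == "process_create":
            parent = image_name(ev["parent_image"])
            child = image_name(ev["image"])
            # Office application spawning a shell/script host/LOLBin is the
            # "unexpected child process" signature (macro or exploit in parent).
            if parent in OFFICE_PARENTS and child in SUSPICIOUS_CHILDREN:
                findings.append({
                    "signature": "Process spawned unexpected child process",
                    "pid": ev["pid"],
                    "detail": f"{parent} -> {child}: {ev['cmdline']}",
                })
        elif ev["type"] == "network_connect":
            proc = image_name(ev["image"])
            host = ev["dest_host"].lower()
            # A process on the blocklist should never talk to the network.
            if proc in BLOCKLISTED_NET_PROCS:
                findings.append({
                    "signature": "Blocklisted process makes network request",
                    "pid": ev["pid"],
                    "detail": f"{proc} -> {host}:{ev['dest_port']}",
                })
            # Independent IOC match against the hosts from the extracted config,
            # so a browser or proxy reaching the same host is still flagged.
            if host in KNOWN_DROPPER_HOSTS:
                findings.append({
                    "signature": "Contacts host from extracted xlm40.dropper config",
                    "pid": ev["pid"],
                    "detail": f"{proc} -> {host}:{ev['dest_port']}",
                })
    return findings


# Constructed sample events (not captured from the sandbox run).
EXCEL = r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"
SAMPLE_EVENTS = [
    {"type": "process_create", "pid": 4312, "image": EXCEL,
     "parent_image": r"C:\Windows\explorer.exe", "cmdline": "EXCEL.EXE invoice.xls"},
    {"type": "network_connect", "pid": 4312, "image": EXCEL,
     "dest_host": "statedauto.com", "dest_port": 443},
    {"type": "process_create", "pid": 5120, "image": r"C:\Windows\System32\regsvr32.exe",
     "parent_image": EXCEL, "cmdline": "regsvr32.exe -s C:\\Users\\Public\\wp.dll"},
    {"type": "network_connect", "pid": 2200,
     "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "dest_host": "example.com", "dest_port": 443},  # benign, should not fire
]

if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"[{f['signature']}] pid={f['pid']} {f['detail']}")
```

The Excel process here fires both the blocklisted-network signature and the IOC match on its first connection, and the regsvr32.exe child fires the unexpected-child signature; the benign browser connection produces nothing. In a real deployment the parent/child pairing and the blocklist are the parts worth tuning, since legitimate add-ins occasionally spawn helpers from Office.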

MITRE ATT&CK Enterprise v15

Tasks