General

  • Target

    a5fa1253dc8138ced1a4eb386416747b

  • Size

    36KB

  • Sample

    240226-k5cc8sac7y

  • MD5

    a5fa1253dc8138ced1a4eb386416747b

  • SHA1

    27c36ad916dc756a3d8295667be6d695280d0840

  • SHA256

    178eadb3e7261c0fe13ccf971c74772eb8cc9610d9b3c71d6a5ddef5dc69b7fd

  • SHA512

    8fdaf2ad51bb25cf23e49d26663b597b34d0ae310cb05fb946b6f56bef4d2d684ea1cd8205d45dfe47d9418eab584ab8ad64fc83e8e9db8d00b3d9781b388c28

  • SSDEEP

    768:EPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJpZ4dDOIoqSZMjvz6:gok3hbdlylKsgqopeJBWhZFGkE+cL2Nw

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source / URLs

    xlm40.dropper: https://markens.online/wp-data.php
    xlm40.dropper: https://statedauto.com/wp-data.php

Targets

    • Target

      a5fa1253dc8138ced1a4eb386416747b

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v15

Tasks