General

  • Target

    b2bc6b1db6a26485c9398e1453cb67a3

  • Size

    36KB

  • Sample

    240304-wd3a5ahf79

  • MD5

    b2bc6b1db6a26485c9398e1453cb67a3

  • SHA1

    64359e55cd7e7a3ff7bb7c5d71833110b4bf337a

  • SHA256

    c3e9f8f223035b649ec8f0f3d8bf8dfc3300dff6306a97e3dfd2cc3cf0fafd1e

  • SHA512

    bf5af88f1f400e65b0a1a97bd28b855ca63c7e04bd3509c6937c91898a8d02455024b968abef55714d0061c98ab21ef40897cee931f4aef6559fe91010427988

  • SSDEEP

    768:0PqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJokhbs9RcFvbyiY:wok3hbdlylKsgqopeJBWhZFGkE+cL2Np

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

  • URLs

    xlm40.dropper
    https://statedauto.com/wp-data.php

    xlm40.dropper
    https://markens.online/wp-data.php

Targets

    • Target

      b2bc6b1db6a26485c9398e1453cb67a3

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks