General

  • Target

    b4250b16e5686416fe8c2c71a311bfce

  • Size

    36KB

  • Sample

    240305-jcd6pahf4s

  • MD5

    b4250b16e5686416fe8c2c71a311bfce

  • SHA1

    5422ab0147400c7bc4073c56d772a4c28560d802

  • SHA256

    cf315fa89ffb381da12a07f5dbf90d14412238ebcc0c9ba9585e263a803fe1f9

  • SHA512

    8a9e0c5b9e4ad86e4776bf9bdd279730f9702d4aa220620805cdbcc41cf0758f8a83158f721f35e65b701867ca2122d12f83e9deaef21811f0306a06110a44f2

  • SSDEEP

    768:EPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJAR1qm1PLf6o:gok3hbdlylKsgqopeJBWhZFGkE+cL2Nt

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    https://statedauto.com/wp-data.php

Targets

    • Target

      b4250b16e5686416fe8c2c71a311bfce

    • Size

      36KB

    • MD5

      b4250b16e5686416fe8c2c71a311bfce

    • SHA1

      5422ab0147400c7bc4073c56d772a4c28560d802

    • SHA256

      cf315fa89ffb381da12a07f5dbf90d14412238ebcc0c9ba9585e263a803fe1f9

    • SHA512

      8a9e0c5b9e4ad86e4776bf9bdd279730f9702d4aa220620805cdbcc41cf0758f8a83158f721f35e65b701867ca2122d12f83e9deaef21811f0306a06110a44f2

    • SSDEEP

      768:EPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJAR1qm1PLf6o:gok3hbdlylKsgqopeJBWhZFGkE+cL2Nt

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks