General

  • Target

    b6ee30cfa1d23aa024830b696e395843

  • Size

    36KB

  • Sample

    240306-jy8x7afh83

  • MD5

    b6ee30cfa1d23aa024830b696e395843

  • SHA1

    ad72ba11045f9f0913d43bf8e561fbf92e4b7fc2

  • SHA256

    bd411d693800277644cd3cc29e61a605fea9713e35bb7a48a155a22975ca247d

  • SHA512

    427d8ad8165bb1a9d1ab4b955b2daaa03d5c39da8adcedbf46b0c58c63d3e1519d3883a46fb5b73b935a21a8d56a43985cc12a7e5d0e071ee548147e7512ede0

  • SSDEEP

    768:8PqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJxHoEC3wvd85+HJCpK:ook3hbdlylKsgqopeJBWhZFGkE+cL2N6

Score
10/10

Malware Config

Extracted

Language: xlm4.0
Source: xlm40.dropper
URLs:

    https://statedauto.com/wp-data.php

    https://markens.online/wp-data.php

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks