b740697d98c083fa3ae097de011c4640a3aaa0b081f9d3389a7d9c9deab90faa | Triage

Sharing

General

Target

c019789a57765e508da97e1e760b8072
Size

36KB
Sample

240311-hecvzaea93
MD5

c019789a57765e508da97e1e760b8072
SHA1

2cad2eee0dc0ffd1be5c61fd9feba046c82680c8
SHA256

b740697d98c083fa3ae097de011c4640a3aaa0b081f9d3389a7d9c9deab90faa
SHA512

f0181aaad9a4026224738b8132290eb1520b684cc7b9cc72edc97cd0158552d221abf240113996901df697091125fcf7f812fe56f198bd8620422d24474f0cfb
SSDEEP

768:5PqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJrpyPkabY0v2q:Rok3hbdlylKsgqopeJBWhZFGkE+cL2Nr

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://skill.fashion/wp-data.php

xlm40.dropper

https://syracuse.best/wp-data.php

Targets

- Target
  
  c019789a57765e508da97e1e760b8072
- Size
  
  36KB
- MD5
  
  c019789a57765e508da97e1e760b8072
- SHA1
  
  2cad2eee0dc0ffd1be5c61fd9feba046c82680c8
- SHA256
  
  b740697d98c083fa3ae097de011c4640a3aaa0b081f9d3389a7d9c9deab90faa
- SHA512
  
  f0181aaad9a4026224738b8132290eb1520b684cc7b9cc72edc97cd0158552d221abf240113996901df697091125fcf7f812fe56f198bd8620422d24474f0cfb
- SSDEEP
  
  768:5PqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJrpyPkabY0v2q:Rok3hbdlylKsgqopeJBWhZFGkE+cL2Nr
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2