335ade9fc7fc962cd026795de6dcfba8defbbcb198db954dc1aeb8051bca8d6f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d4c7e0f06a9b75f6e35287f34b914a58
Size

36KB
Sample

240319-a3m2vacg64
MD5

d4c7e0f06a9b75f6e35287f34b914a58
SHA1

e079ad6634ea9787698bbdf8c14257c87f9edc69
SHA256

335ade9fc7fc962cd026795de6dcfba8defbbcb198db954dc1aeb8051bca8d6f
SHA512

47b805e51bf7c8cb828bdca733c3f2e4fb8989a38d928933627e6e33c6d5d18c0537d4e4fa8ec96b57ed10e41bcff6d288cabf95d1e7fa6cfa08addf102dd998
SSDEEP

768:GPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJLS2GOK/90jIhpEVq7:6ok3hbdlylKsgqopeJBWhZFGkE+cL2Nf

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://statedauto.com/wp-data.php

xlm40.dropper

https://markens.online/wp-data.php

Targets

- Target
  
  d4c7e0f06a9b75f6e35287f34b914a58
- Size
  
  36KB
- MD5
  
  d4c7e0f06a9b75f6e35287f34b914a58
- SHA1
  
  e079ad6634ea9787698bbdf8c14257c87f9edc69
- SHA256
  
  335ade9fc7fc962cd026795de6dcfba8defbbcb198db954dc1aeb8051bca8d6f
- SHA512
  
  47b805e51bf7c8cb828bdca733c3f2e4fb8989a38d928933627e6e33c6d5d18c0537d4e4fa8ec96b57ed10e41bcff6d288cabf95d1e7fa6cfa08addf102dd998
- SSDEEP
  
  768:GPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJLS2GOK/90jIhpEVq7:6ok3hbdlylKsgqopeJBWhZFGkE+cL2Nf
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2