17c15385d3e1d258121da0f96eceb1949aafe17da9f3a5c64625c9e455bb5212 | Triage

Sharing

General

Target

f13279295dc7680101a288bef81b25ae_JaffaCakes118
Size

36KB
Sample

240415-q121zsaa5y
MD5

f13279295dc7680101a288bef81b25ae
SHA1

4153ddfe84ba3362d890de73d45ce4d5cc6c4f8e
SHA256

17c15385d3e1d258121da0f96eceb1949aafe17da9f3a5c64625c9e455bb5212
SHA512

c2100a2bc4c2d14b825fa1b5152c7272fd9f91f3637fae44303bfad6d0710920f70de1459d2919ceecc7db90eee7e60a5232a4e005a5320c846bfb59493bcf08
SSDEEP

768:+PqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJpmogW31kTKDwdv:Cok3hbdlylKsgqopeJBWhZFGkE+cL2N3

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://markens.online/wp-data.php

xlm40.dropper

https://statedauto.com/wp-data.php

Targets

- Target
  
  f13279295dc7680101a288bef81b25ae_JaffaCakes118
- Size
  
  36KB
- MD5
  
  f13279295dc7680101a288bef81b25ae
- SHA1
  
  4153ddfe84ba3362d890de73d45ce4d5cc6c4f8e
- SHA256
  
  17c15385d3e1d258121da0f96eceb1949aafe17da9f3a5c64625c9e455bb5212
- SHA512
  
  c2100a2bc4c2d14b825fa1b5152c7272fd9f91f3637fae44303bfad6d0710920f70de1459d2919ceecc7db90eee7e60a5232a4e005a5320c846bfb59493bcf08
- SSDEEP
  
  768:+PqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJpmogW31kTKDwdv:Cok3hbdlylKsgqopeJBWhZFGkE+cL2N3
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2