308617e7721e9f4231c6abae8c8e1f33431c8314b37b6c6cf82c27ca08fa3d3d | Triage

Sharing

General

Target

f3a4114d5339de513d32955751c02b25_JaffaCakes118
Size

36KB
Sample

240416-rbm17sbg66
MD5

f3a4114d5339de513d32955751c02b25
SHA1

62261891deb0a784f884da6610c75776e61745f2
SHA256

308617e7721e9f4231c6abae8c8e1f33431c8314b37b6c6cf82c27ca08fa3d3d
SHA512

2b65903e53ac58ec5f01fbe2cce29fa72db559cbd6862bf31da84482702997992027e5a8cb41dee74170a9b9d9e91f5986d04621fac9975c05e254872677c4cb
SSDEEP

768:a55553wDEtlDWZNgng9sLfPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJHrXRqtB:a55553wDEtlDWZNgng9sLXok3hbdlylA

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://statedauto.com/wp-data.php

xlm40.dropper

https://markens.online/wp-data.php

Targets

- Target
  
  f3a4114d5339de513d32955751c02b25_JaffaCakes118
- Size
  
  36KB
- MD5
  
  f3a4114d5339de513d32955751c02b25
- SHA1
  
  62261891deb0a784f884da6610c75776e61745f2
- SHA256
  
  308617e7721e9f4231c6abae8c8e1f33431c8314b37b6c6cf82c27ca08fa3d3d
- SHA512
  
  2b65903e53ac58ec5f01fbe2cce29fa72db559cbd6862bf31da84482702997992027e5a8cb41dee74170a9b9d9e91f5986d04621fac9975c05e254872677c4cb
- SSDEEP
  
  768:a55553wDEtlDWZNgng9sLfPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJHrXRqtB:a55553wDEtlDWZNgng9sLXok3hbdlylA
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2