4b27c5ef7346af38cc1ebdab80adfda5ffbbc811fe1b3c8dabb41ae8aa64b8ae | Triage

Sharing

General

Target

fb6caac9fbe43351e1a92206d0bd8752_JaffaCakes118
Size

36KB
Sample

240419-3nndaabd3z
MD5

fb6caac9fbe43351e1a92206d0bd8752
SHA1

c607a003587cc31536e5a3d53e7e4955f2754541
SHA256

4b27c5ef7346af38cc1ebdab80adfda5ffbbc811fe1b3c8dabb41ae8aa64b8ae
SHA512

b6f75cd8ed3d9488491c51ffcaa5a28b6d19e3de0fdb4251673af11234b3e851eba88cde453baebb0af67e39e2a9a1f640fa0542666ea00532f462a1ff03a8db
SSDEEP

768:MPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJcKH1eyvcJJdqF0:Yok3hbdlylKsgqopeJBWhZFGkE+cL2Nd

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://markens.online/wp-data.php

xlm40.dropper

https://statedauto.com/wp-data.php

Targets

- Target
  
  fb6caac9fbe43351e1a92206d0bd8752_JaffaCakes118
- Size
  
  36KB
- MD5
  
  fb6caac9fbe43351e1a92206d0bd8752
- SHA1
  
  c607a003587cc31536e5a3d53e7e4955f2754541
- SHA256
  
  4b27c5ef7346af38cc1ebdab80adfda5ffbbc811fe1b3c8dabb41ae8aa64b8ae
- SHA512
  
  b6f75cd8ed3d9488491c51ffcaa5a28b6d19e3de0fdb4251673af11234b3e851eba88cde453baebb0af67e39e2a9a1f640fa0542666ea00532f462a1ff03a8db
- SSDEEP
  
  768:MPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJcKH1eyvcJJdqF0:Yok3hbdlylKsgqopeJBWhZFGkE+cL2Nd
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2