2e35de5b5781bfc491d24aae6e2597bb71e95bf0f9e7a03ac043e89c1d8e574c | Triage

Sharing

General

Target

fd0c679a54c517fe04b8a6796fb57cf6_JaffaCakes118
Size

36KB
Sample

240420-sl169abh21
MD5

fd0c679a54c517fe04b8a6796fb57cf6
SHA1

5e52354ece49990dcf771d9fb39d9c6f0031b135
SHA256

2e35de5b5781bfc491d24aae6e2597bb71e95bf0f9e7a03ac043e89c1d8e574c
SHA512

f19f48053ca50c94b2867bf8302f92aa9cc883ccb96d10ccac60e14e89af8d19fd5e989f9a83ae1014f0b5248b2ef4c210bfeccbb4c2941ffc1ff81fd6474561
SSDEEP

768:9PqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJjtZu+4m5G8Q7M7M:1ok3hbdlylKsgqopeJBWhZFGkE+cL2NJ

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://skill.fashion/wp-data.php

xlm40.dropper

https://syracuse.best/wp-data.php

Targets

- Target
  
  fd0c679a54c517fe04b8a6796fb57cf6_JaffaCakes118
- Size
  
  36KB
- MD5
  
  fd0c679a54c517fe04b8a6796fb57cf6
- SHA1
  
  5e52354ece49990dcf771d9fb39d9c6f0031b135
- SHA256
  
  2e35de5b5781bfc491d24aae6e2597bb71e95bf0f9e7a03ac043e89c1d8e574c
- SHA512
  
  f19f48053ca50c94b2867bf8302f92aa9cc883ccb96d10ccac60e14e89af8d19fd5e989f9a83ae1014f0b5248b2ef4c210bfeccbb4c2941ffc1ff81fd6474561
- SSDEEP
  
  768:9PqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJjtZu+4m5G8Q7M7M:1ok3hbdlylKsgqopeJBWhZFGkE+cL2NJ
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2