e461855470408f6f5ffb38d09e96bab0146fa490429181f71788848b200e0c17 | Triage

Sharing

General

Target

0fb2d3213cd0fab7c0fb8b4d17f57a3b_JaffaCakes118
Size

235KB
Sample

240503-fdrlmafd7w
MD5

0fb2d3213cd0fab7c0fb8b4d17f57a3b
SHA1

88fdf477a6e7f5119ab5fb6481ba26324cb520b6
SHA256

e461855470408f6f5ffb38d09e96bab0146fa490429181f71788848b200e0c17
SHA512

44a4dc41a789ed7aaa76008a6b1e8fb7e317a02b158e332cd0cac6e0dfc9f80c84af721b1520d82fadead0faf045539775fc4f56a2e549c524b524512494f99a
SSDEEP

6144:1k3hOdsylKlgxopeiBNhZF+E+W2kdAFoKvfK4UJUNkLeShrHHQ8hMMO:fvy4UJ4khhDHtSv

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://jumper.rocks/wp-index.php

xlm40.dropper

https://jumper.yoga/wp-index.php

Targets

- Target
  
  0fb2d3213cd0fab7c0fb8b4d17f57a3b_JaffaCakes118
- Size
  
  235KB
- MD5
  
  0fb2d3213cd0fab7c0fb8b4d17f57a3b
- SHA1
  
  88fdf477a6e7f5119ab5fb6481ba26324cb520b6
- SHA256
  
  e461855470408f6f5ffb38d09e96bab0146fa490429181f71788848b200e0c17
- SHA512
  
  44a4dc41a789ed7aaa76008a6b1e8fb7e317a02b158e332cd0cac6e0dfc9f80c84af721b1520d82fadead0faf045539775fc4f56a2e549c524b524512494f99a
- SSDEEP
  
  6144:1k3hOdsylKlgxopeiBNhZF+E+W2kdAFoKvfK4UJUNkLeShrHHQ8hMMO:fvy4UJ4khhDHtSv
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2