602ac26b1b05f3500908fe97cb4a1ffce92366f5340834fbfbe85d1b72f2080c | Triage

Sharing

General

Target

602ac26b1b05f3500908fe97cb4a1ffce92366f5340834fbfbe85d1b72f2080c
Size

36KB
Sample

240517-ffg5zaab82
MD5

0179a631b4a2aec5a5e32f3f5543187a
SHA1

c23c64e42e0038fe1e81b489cfb77abce2c8701a
SHA256

602ac26b1b05f3500908fe97cb4a1ffce92366f5340834fbfbe85d1b72f2080c
SHA512

54e7386c48ed05d835da9a0cdd88078adc060df85e5f77adeb84550e10b87dd848c73aa2a9b794f50073940e6d3a855aa091092eb6f71b27e56fd2678afe1d26
SSDEEP

768:7PqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJtpq2FMlYwRknPUnB:Dok3hbdlylKsgqopeJBWhZFGkE+cL2Nh

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://skill.fashion/wp-data.php

xlm40.dropper

https://syracuse.best/wp-data.php

Targets

- Target
  
  602ac26b1b05f3500908fe97cb4a1ffce92366f5340834fbfbe85d1b72f2080c
- Size
  
  36KB
- MD5
  
  0179a631b4a2aec5a5e32f3f5543187a
- SHA1
  
  c23c64e42e0038fe1e81b489cfb77abce2c8701a
- SHA256
  
  602ac26b1b05f3500908fe97cb4a1ffce92366f5340834fbfbe85d1b72f2080c
- SHA512
  
  54e7386c48ed05d835da9a0cdd88078adc060df85e5f77adeb84550e10b87dd848c73aa2a9b794f50073940e6d3a855aa091092eb6f71b27e56fd2678afe1d26
- SSDEEP
  
  768:7PqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJtpq2FMlYwRknPUnB:Dok3hbdlylKsgqopeJBWhZFGkE+cL2Nh
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2