General

  • Target

    c2aa3e061c6b4bc21c5f65638f09d057_JaffaCakes118

  • Size

    37KB

  • Sample

    240826-ksqebsvgkf

  • MD5

    c2aa3e061c6b4bc21c5f65638f09d057

  • SHA1

    ed2e2e8fac51d48857fcf812aa458575e4c40ead

  • SHA256

    e43540318a0467bf08fb441ecbeae1816e0ef6b4602ba306e55a2757924ddb9d

  • SHA512

    64271c0ce463baaea9773a0a4fbc6035cdf73f63f912631c4f5a6aa00807472ee7f7a8958333bac4e15865cfcd51e7835d1c40418fc1ff4d9f9bad4d5d1dd1b9

  • SSDEEP

    768:APqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJAfA3yrONwuEWBRIo:Mok3hbdlylKsgqopeJBWhZFGkE+cL2Nc

Score
10/10

Malware Config

Extracted

Language   Source          URLs
xlm4.0     xlm40.dropper   https://markens.online/wp-data.php
           xlm40.dropper   https://statedauto.com/wp-data.php

Targets

    • Target

      c2aa3e061c6b4bc21c5f65638f09d057_JaffaCakes118

    • Size

      37KB

    • MD5

      c2aa3e061c6b4bc21c5f65638f09d057

    • SHA1

      ed2e2e8fac51d48857fcf812aa458575e4c40ead

    • SHA256

      e43540318a0467bf08fb441ecbeae1816e0ef6b4602ba306e55a2757924ddb9d

    • SHA512

      64271c0ce463baaea9773a0a4fbc6035cdf73f63f912631c4f5a6aa00807472ee7f7a8958333bac4e15865cfcd51e7835d1c40418fc1ff4d9f9bad4d5d1dd1b9

    • SSDEEP

      768:APqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJAfA3yrONwuEWBRIo:Mok3hbdlylKsgqopeJBWhZFGkE+cL2Nc

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
