580b70c690d00c5967ac66350c247fa82f022ac6c021121adebdc9a61b6a0bc8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

580b70c690d00c5967ac66350c247fa82f022ac6c021121adebdc9a61b6a0bc8
Size

36KB
Sample

240904-14ltaaxdpm
MD5

f3cb225da8977ea6a8114b0e505a6378
SHA1

eb7a9968dbf4d1e09021addc3b5da5195cfe5730
SHA256

580b70c690d00c5967ac66350c247fa82f022ac6c021121adebdc9a61b6a0bc8
SHA512

3c1f76a17b56627f7ee146cfaa5470e37453e8cd8ec62c99499d9f70994c1a1f0609a73759ee825f51d4feee375162cc83c30c58dfdcea0ce512b0e2f8813afb
SSDEEP

768:kPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJWbrQYUN19EcpVR:Aok3hbdlylKsgqopeJBWhZFGkE+cL2NI

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://syracuse.best/wp-data.php

Targets

- Target
  
  580b70c690d00c5967ac66350c247fa82f022ac6c021121adebdc9a61b6a0bc8
- Size
  
  36KB
- MD5
  
  f3cb225da8977ea6a8114b0e505a6378
- SHA1
  
  eb7a9968dbf4d1e09021addc3b5da5195cfe5730
- SHA256
  
  580b70c690d00c5967ac66350c247fa82f022ac6c021121adebdc9a61b6a0bc8
- SHA512
  
  3c1f76a17b56627f7ee146cfaa5470e37453e8cd8ec62c99499d9f70994c1a1f0609a73759ee825f51d4feee375162cc83c30c58dfdcea0ce512b0e2f8813afb
- SSDEEP
  
  768:kPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJWbrQYUN19EcpVR:Aok3hbdlylKsgqopeJBWhZFGkE+cL2NI
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2