General

  • Target

    SecuriteInfo.com.Exploit.Siggen3.2491.3650.28971.xlsx

  • Size

    36KB

  • Sample

    240910-dtlzzathrr

  • MD5

    1f168ac4f678476e493552e65995ae1a

  • SHA1

    592dc08e825b709ce6659b6fe0e0115f3b3c07c4

  • SHA256

    c42f5a5dd598b693fbe399ee2373e90ff0316935e923a81b39c4700fef60e0ea

  • SHA512

    4536a1a23539280e5fde4d398577a36a44e0c51ef2d6a2eb452037c6b7b1cdd3de80fbfb96a972fac367f9986c741a5ca386e2d8a846b2fa9fadcce758e80767

  • SSDEEP

    768:iPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJf63KmlDnNzbFwv4:Gok3hbdlylKsgqopeJBWhZFGkE+cL2Nd

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://syracuse.best/wp-data.php

xlm40.dropper

https://skill.fashion/wp-data.php

Targets

    • Target

      SecuriteInfo.com.Exploit.Siggen3.2491.3650.28971.xlsx

    • Size

      36KB

    • MD5

      1f168ac4f678476e493552e65995ae1a

    • SHA1

      592dc08e825b709ce6659b6fe0e0115f3b3c07c4

    • SHA256

      c42f5a5dd598b693fbe399ee2373e90ff0316935e923a81b39c4700fef60e0ea

    • SHA512

      4536a1a23539280e5fde4d398577a36a44e0c51ef2d6a2eb452037c6b7b1cdd3de80fbfb96a972fac367f9986c741a5ca386e2d8a846b2fa9fadcce758e80767

    • SSDEEP

      768:iPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJf63KmlDnNzbFwv4:Gok3hbdlylKsgqopeJBWhZFGkE+cL2Nd

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v15

Tasks