482285516285607ee4b35dbc025f408ff3301412aae78c0dea3923dcddadf09a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

116487b81edf6630fcdc81f2e5470254_JaffaCakes118
Size

36KB
Sample

241004-cjvnpasepd
MD5

116487b81edf6630fcdc81f2e5470254
SHA1

e9b2236a28e3ba469910a12aad777a17e9002dc0
SHA256

482285516285607ee4b35dbc025f408ff3301412aae78c0dea3923dcddadf09a
SHA512

9eb21c5bf5dde14dde9e6e93b416dde2b51674b877e1aea21b701b701bc4dc3f571ab0a1b23e20b372807d816b50f0881a7330c6d17a7eb4f921ac2e7f4f6753
SSDEEP

768:FPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJj1XrrwM+7T5FgZto:tok3hbdlylKsgqopeJBWhZFGkE+cL2NV

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://syracuse.best/wp-data.php

xlm40.dropper

https://skill.fashion/wp-data.php

Targets

- Target
  
  116487b81edf6630fcdc81f2e5470254_JaffaCakes118
- Size
  
  36KB
- MD5
  
  116487b81edf6630fcdc81f2e5470254
- SHA1
  
  e9b2236a28e3ba469910a12aad777a17e9002dc0
- SHA256
  
  482285516285607ee4b35dbc025f408ff3301412aae78c0dea3923dcddadf09a
- SHA512
  
  9eb21c5bf5dde14dde9e6e93b416dde2b51674b877e1aea21b701b701bc4dc3f571ab0a1b23e20b372807d816b50f0881a7330c6d17a7eb4f921ac2e7f4f6753
- SSDEEP
  
  768:FPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJj1XrrwM+7T5FgZto:tok3hbdlylKsgqopeJBWhZFGkE+cL2NV
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2