f8e7b7e520968371d85fdec519012e15322f922ea0c2ad5c2ea871bcecb82f32 | Triage

Sharing

General

Target

2fa56344cbde0c57fccf80c992040155_JaffaCakes118
Size

36KB
Sample

241009-mqma1a1arq
MD5

2fa56344cbde0c57fccf80c992040155
SHA1

81fbc4d841b77f9938ade384b73ccb2e43c3520a
SHA256

f8e7b7e520968371d85fdec519012e15322f922ea0c2ad5c2ea871bcecb82f32
SHA512

8582f5dc7cf1b098259723e0d6eac3864d579ca007ed058b51f92af46953dcb11c9c21f394484bb95db7c5f3df36689ba60eebf4333dcf97456c073122ff9f10
SSDEEP

768:IPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJtvH196B+esl4a:kok3hbdlylKsgqopeJBWhZFGkE+cL2NE

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://statedauto.com/wp-data.php

xlm40.dropper

https://markens.online/wp-data.php

Targets

- Target
  
  2fa56344cbde0c57fccf80c992040155_JaffaCakes118
- Size
  
  36KB
- MD5
  
  2fa56344cbde0c57fccf80c992040155
- SHA1
  
  81fbc4d841b77f9938ade384b73ccb2e43c3520a
- SHA256
  
  f8e7b7e520968371d85fdec519012e15322f922ea0c2ad5c2ea871bcecb82f32
- SHA512
  
  8582f5dc7cf1b098259723e0d6eac3864d579ca007ed058b51f92af46953dcb11c9c21f394484bb95db7c5f3df36689ba60eebf4333dcf97456c073122ff9f10
- SSDEEP
  
  768:IPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJtvH196B+esl4a:kok3hbdlylKsgqopeJBWhZFGkE+cL2NE
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2