75f4e9cb71e583ca3f8b19691b5754adb9c981580762137f82443e1eec468f9c

Sharing

Copy URL

Twitter E-mail

General

Target

wordpress-6.7.1.zip
Size

27.3MB
Sample

241205-rqsj8sykby
MD5

743489098d970b226772de7b8b6553b1
SHA1

9867f75df4b90c4490b3e6a63475090b631ecf47
SHA256

75f4e9cb71e583ca3f8b19691b5754adb9c981580762137f82443e1eec468f9c
SHA512

972d76829c3fef21fd21f51021be6585837570f4a16eef18f62266950b972842fca4e81faea88819fa83310ee2595fa3f6292801918a5625e1b415540bc4a06e
SSDEEP

786432:BcoLBX0zo+mBjXle6wpKEZi8eD79NhTuMnjR1i5HX50k:B/LN0lmBjXM2LDfv+J0k

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://api.wordpress.org/plugins/info/1.2/

Targets

- Target
  
  wordpress-6.7.1.zip
- Size
  
  27.3MB
- MD5
  
  743489098d970b226772de7b8b6553b1
- SHA1
  
  9867f75df4b90c4490b3e6a63475090b631ecf47
- SHA256
  
  75f4e9cb71e583ca3f8b19691b5754adb9c981580762137f82443e1eec468f9c
- SHA512
  
  972d76829c3fef21fd21f51021be6585837570f4a16eef18f62266950b972842fca4e81faea88819fa83310ee2595fa3f6292801918a5625e1b415540bc4a06e
- SSDEEP
  
  786432:BcoLBX0zo+mBjXle6wpKEZi8eD79NhTuMnjR1i5HX50k:B/LN0lmBjXM2LDfv+J0k
Score

3^/10

discovery
behavioral1
- Target
  
  wordpress/wp-includes/Requests/src/Transport/Curl.php
- Size
  
  19KB
- MD5
  
  168bd2c6706199a5c979118cc0f8bdec
- SHA1
  
  cddecd6f56b04cb8ecf28841af4b882f19cd4498
- SHA256
  
  4498e570c33cc4de77333a07fa57b8f92343134ac12f467317df345676d4fe3f
- SHA512
  
  c87419c2b946659c731426b70a1894b0db13ef826b1d0a58423ad8cd047d8fe673ba45a9a3329d64c71512e17d13a460ba0967d390ef164fc81eabbe05becf2f
- SSDEEP
  
  384:YCR4T7EjklGqNjBp+UxNTiTBoeAGw/xwmdEL6ppb:YCR43EjklGAjBp/TiTOeAG1mdEL6ppb
Score

3^/10

execution
behavioral2
- Target
  
  wordpress/wp-includes/Requests/src/Transport/Fsockopen.php
- Size
  
  15KB
- MD5
  
  393568a895aaffe6e95e26391f9055cd
- SHA1
  
  dc52b3d0766a0b8d409aee291ed14a4c9195b961
- SHA256
  
  24386ac0368704c471635cbf151827a19c890fdb3547bb3bb81c549301a0c749
- SHA512
  
  06aafccae0e822faf050dc69bdb29c66c442dc28ce0af5efaf7cb1c608771bcd53a42ed34671d725a36c5ffdb78a40245c626ee72440189deb968e79bfe21f68
- SSDEEP
  
  384:WzFh90NjBpdtOzsDA6oaPuPUVVrxOlQxNTiLkUU2I:WzFP6jBprOzsDA6DPuPUVVXTiVU2I
Score

3^/10

execution
behavioral3
- Target
  
  wordpress/wp-includes/SimplePie/src/Cache/MySQL.php
- Size
  
  15KB
- MD5
  
  ba913aeca21251e892f7561c0217797a
- SHA1
  
  69bdaa50bb703fc9d87e55d7f68fb4a0f437907b
- SHA256
  
  c712ed19e3995b740b35ead129d2d7bbdbce0df731846ce86f032907f9b60f9e
- SHA512
  
  af53e5b4eb3ac06fda2a5698c366662b198391f09b391350570792060154e2ff38acc6e549de7d89851b2c7f2557191a4e3bedfa15185ad6fe9762bbee20ffc1
- SSDEEP
  
  192:ZOrLRrtH/b3N3/uPaGO/SKpi3u+fSSYytlP9iEpi5yV+CqSUSCySoZ3BIojSCLYZ:MrLRrtfz1/HG+gRpVpimK
Score

3^/10

execution
behavioral4
- Target
  
  wordpress/wp-includes/SimplePie/src/Content/Type/Sniffer.php
- Size
  
  9KB
- MD5
  
  4aff14a723019f3236947c3010edc01d
- SHA1
  
  51776600a31b67862ab317c47de86366ffcfb7d1
- SHA256
  
  2def2a45e2eb28d7931f0e2263619b23d800a3dd543640d2feac64f63fbed434
- SHA512
  
  fc9b5a69a06096bb5ba45daf373f941a6f15b2fa727652d696e1618c107407895e9d4a828542c42aa5e35ff43d2358f7fda47af9ac6ffff38c4bfc8ed897cb96
- SSDEEP
  
  192:ZOrLRrtH/b3N3/uQJ8W37JKXxXI+ml4jtGBgntQ:MrLRrtfz1/5JB4B4l4K
Score

3^/10

discovery
behavioral5
- Target
  
  wordpress/wp-includes/SimplePie/src/Decode/HTML/Entities.php
- Size
  
  16KB
- MD5
  
  89996ad18b70267980c511b7d6e9ec55
- SHA1
  
  13d5955212fcd840bb2d2beb06090852b291185d
- SHA256
  
  cd0f2e277419a868f7f66c3dfd844d30ec27d7b8bd7f5ff9d1a84f65f0b284f5
- SHA512
  
  9ac7daa0bffed28239317b705e61cf1f5535cac82809188a9accc1b6d5a5f5ac6bb348086b6d00a74f8e171c92b04b143acb36cb78fd89b5a87e9e69d56954ae
- SSDEEP
  
  192:aOrLRrtH/b3N3/uSXzTW/F0hIRMrqgoxmH5ztAwpnwPaTSXKImYhUAlQVrdMpXcF:NrLRrtfz1/xvWt6QwpwPntdU1CCDAA+o
Score

3^/10

execution
behavioral6
- Target
  
  wordpress/wp-includes/SimplePie/src/File.php
- Size
  
  12KB
- MD5
  
  c9c717e63296cd81f463111fcaa1b5da
- SHA1
  
  156bccdea46ae2f43d5e93d07a8696bd647de1ac
- SHA256
  
  c897a2a5979386c36aee3bf44f3ec770ce2d30defe209078834c50a568f031c4
- SHA512
  
  8556727004cd85f8397d298bb74b124c76fb14b8377e8bc9dc363a07f2091d33337beb2f02d0f1600be95d7086f0d9f48b50e229f1d275bb9230658f15885ebf
- SSDEEP
  
  192:ZOrLRrtH/b3N3/ui0YK216lv6arcasn/Jaj3OTsiSFknV3Am/6OfS0TsTprALCyR:MrLRrtfz1/bBK2DalAJlTgE0WT8WZ
Score

3^/10

execution
behavioral7
- Target
  
  wordpress/wp-includes/SimplePie/src/Locator.php
- Size
  
  15KB
- MD5
  
  2799409d68fb8f2c9096121839aec559
- SHA1
  
  b36e3abbc62d30fd9965e03fc5fd749a9cc87915
- SHA256
  
  c539b56e50ca310655c4b8f6edff1bf35a7e293d15f36ba5d5b19fcf2f08cf7c
- SHA512
  
  62bae1b30fd726472dd6d8311bca2dac4ccad7051aed6508a50fd4f32e5d3331859498370eb0d53163235a21d93256339801943fbefebfd480de6e52f1018950
- SSDEEP
  
  384:MrLRrtfz1/bC5wQfLLAZJEdXo9dqdIowXzR8:MpF1/bC5RfLLAZJ+XoL2twt8
Score

3^/10

execution
behavioral8
- Target
  
  wordpress/wp-includes/SimplePie/src/Misc.php
- Size
  
  67KB
- MD5
  
  eebe129c49c4b51272a4239980a29465
- SHA1
  
  63607b71f615d76565f3fcb38dfefc8a8b47c77c
- SHA256
  
  4a781ae7c146f38162848115b7ca78f1d89e06cb6ec4a8cda6915690660b9d14
- SHA512
  
  5d982f73e9fb592ff6209a8011e98c8fd95b138a8ed52ae594b7739bbe3d58ce4c552b4df3d364076ece6a99f4dac3da9403583dd7577d4b165ebae8efff8048
- SSDEEP
  
  1536:Mp/dN39ToOJVyc5zz6tCSIOs+7MuTyvQdEjMZhGdRvR7RpRUk:MpVNtToOfyc5f6gSIOFAuTKC0yhGTJVN
Score

3^/10

execution
behavioral9
- Target
  
  wordpress/wp-includes/SimplePie/src/Parse/Date.php
- Size
  
  26KB
- MD5
  
  1540a2c8825b02871b71ca720eed7f3b
- SHA1
  
  6473999ab34779bfb79098766bcc76c572beefe0
- SHA256
  
  e66b1c3744622c83f74f4ad7005b546bf6b145983a4e2045edeb8c85e835fb38
- SHA512
  
  9d44a35adb58cbe982a5dc91f77510fffdd3d8002d41a9c7fbcb5422972d9b84ece26b8966e9bcf3f4fc49cd3982852775c4257d8409e6c27801e96b40e7bcd2
- SSDEEP
  
  384:MrLRrtfz1/3MK0CazL4sdA45olSYCTkKLjWleu1JvOdA0XT/svhgoA930Z1zHJCv:MpF1/cbpCLJvYAhg/0Z1Y2N7hzKP
Score

3^/10

execution
behavioral10
- Target
  
  wordpress/wp-includes/SimplePie/src/Sanitize.php
- Size
  
  24KB
- MD5
  
  302c6bf1d04986e7b8563b751777682d
- SHA1
  
  5a32cbcd6676e00641d492da5d08f86d34596e64
- SHA256
  
  61e16bf51cc746b7a390b91eb8ad42dab3624b56f11ff32cf726c04c4588afcc
- SHA512
  
  2a2325b69b89addd44adc017f78f4800e0db308d375cdb5245f6f1a1a5e61b7c9c3a62c95bb01bcead9a10d78dc5648ba7015753415fbd636ad23132c588ea02
- SSDEEP
  
  768:MpF1/Ec/hOZofBTd+FfWYdzZCblDk7FXQhXAQNfGpr:Mp/EcJOZofBTdwfWYeblDk7FXQhXAQNC
Score

3^/10

execution
behavioral11
- Target
  
  wordpress/wp-includes/SimplePie/src/SimplePie.php
- Size
  
  117KB
- MD5
  
  8faa17497763e60a2411492b015bd35c
- SHA1
  
  54dab74dfc0aaec8fa19d6b6c27c1872cb21924d
- SHA256
  
  8fef2a85d1cfc1b5d7b619e91917000a496dc0a89d2af411d8bbe091fc66408c
- SHA512
  
  21924f47e7cbf5e804d6ee097399900896e0420be742f3664c709d35dcf030045e39424e50432581819d291b738b6c1ffd160fb81afcc3b47dc807711fa43819
- SSDEEP
  
  1536:Mp/PcWG/40Ow5DDQY6yNsnQXQASV2eOZO1FDbcb:Mp3ctOuDQYn4Ny
Score

3^/10

execution
behavioral12
- Target
  
  wordpress/wp-includes/Text/Diff.php
- Size
  
  12KB
- MD5
  
  071fa496d41e4600f5d0289045156eb0
- SHA1
  
  5929a0da8a84bc36204d40b5d39e314fd36d17d9
- SHA256
  
  ddc917676e9d173ea77b727a01ad01df1d90ffb2acadbfecd0eb72faaa478d8b
- SHA512
  
  847e0237f9caad8f47044f44e6050c721d0082401965c12077e9e06c0d87bfcaf7711c6fa17d1a99f5f50f7d44ccfa505332aa6273eae63c91e7184e8ab1e43e
- SSDEEP
  
  192:eh/VRVT/Yc1M5jTwyCoysI+3aXryyjc3y4bwy+PNyb8zfxdy/cJJ+M8sDnnfBhJq:0+c1M5bUXxdykJlhRUM85IRebuCAQP
Score

3^/10

execution
behavioral13
- Target
  
  wordpress/wp-includes/Text/Diff/Engine/shell.php
- Size
  
  5KB
- MD5
  
  7443bb26aa932003ba7742d0e64007c6
- SHA1
  
  02f2fbe5aadcca0e21639b89556028e8704dccc4
- SHA256
  
  a376895680e77451496664a3465712506e3d6a77d5f78271e34f903f769d9200
- SHA512
  
  632c6b3b3355eeef476b9c4daac0a34b4a2713228f256f1681ca1c6a188146f73eb0d6f6989e0ea5515e81b5cf39ab071b40bdd08a1170b8ca3b3306bd63aa86
- SSDEEP
  
  48:cHjcqmoCa/lmj/iCUTh7F+le+loutelLuFtVhvPcW1e8xVOFytVVGB4O8U/PH4Qg:ltoHKrEFNutkLuFvhsWtEytVoBMUnY8y
Score

3^/10

execution
behavioral14
- Target
  
  wordpress/wp-includes/Text/Diff/Renderer.php
- Size
  
  6KB
- MD5
  
  772ee2c2f301d6a822f526ab52b23c0e
- SHA1
  
  a8b0d8e766c827c334ae1df86a64a39085b63601
- SHA256
  
  88d54c6c1c0e53490d54ad80f2860f869aa86f6538739fe75b414d3ae61810f1
- SHA512
  
  af823e9ff344cc1eba28e034188d466220fa38b33f6cb2977655c8f16b941c181aaa91487ddb6e0cc20e09837feda99920eb66214d4172e8ab3478dc93ba228c
- SSDEEP
  
  192:LkvbDZB7YVtye4c8ASAZr1SZSDQKM5emHWAG:Lk0VvqsdR
Score

3^/10

execution
behavioral15
- Target
  
  wordpress/wp-includes/Text/Diff/Renderer/inline.php
- Size
  
  5KB
- MD5
  
  f832def2b37a3b0e2fc38f246df90407
- SHA1
  
  783c09e33713f7e0079a93ef5868dcbe7f8c9bcb
- SHA256
  
  21d31fa0bec82925b4d402b494b5486fa594fe45c3117d4adb60eaaa11959d4f
- SHA512
  
  31a1d357b5a37c0f931134d1e758a4a3c763626497a55719a674e501a2ca718ad406d9c2e55a552f4c5cd16c5030bfb1a22154bf53d743224eadb334edfb3ccf
- SSDEEP
  
  96:QS0rDk0j9uwO1//5/kWd2Y/ShdhxQRnQyPP7dH/pEfyLykstCBoIs:Q/rg0j9uwO5/58bLD2CyPDdREaOk5Bk
Score

3^/10

execution
behavioral16
- Target
  
  wordpress/wp-includes/atomlib.php
- Size
  
  11KB
- MD5
  
  3279d4c60465bc94d98cf9ea482da9f7
- SHA1
  
  0df6add59d0f92bad979795e8cd537d356f3a890
- SHA256
  
  fe32a7f6e056b77f8312139654aa99e6cc043bb4e63405d993c4c02d43b32261
- SHA512
  
  bbc084036c7f82d606845b0a3c0091de7a362b149d4ab36805f1a8db1d5733107d8fbb4489200c3978b812cf3d8dd48df00f2f00b80e290fd6e1666c778c5f7a
- SSDEEP
  
  192:ddHurTI79srOjG/VEyc/EZRiqzbp1mQJlvx5iSjYKRhhT+XdJs51CYxuoSCMSCys:jYTI79srd/8cGqOkDdg
Score

3^/10

execution
behavioral17
- Target
  
  wordpress/wp-includes/block-editor.php
- Size
  
  27KB
- MD5
  
  f78767afabc5d50943012b74ab9f2a38
- SHA1
  
  16c542d113c3498c4dc1f2c8567977019442500a
- SHA256
  
  03d76d1095adf4454ac0ff7a9945c08255d4b0b4a4cda806e222115c30d84a8a
- SHA512
  
  5fd6b4524e68cd5671f03977b533006943b404862748643df971b78df70fe066f09f00cc81b7446da1d7dffdc5232d4f2e0454c5e1a2780d5a557fba4c34fb9b
- SSDEEP
  
  768:HN9llxgLavqF0razz+6+LWEwHuGxgNAQ0/vcbI0CdIRswcIA4NbPYcEr2MYahqv:HN9llxgL6FrsILW2MgNAQ0/vcbI0CdIB
Score

3^/10

execution
behavioral18
- Target
  
  wordpress/wp-includes/block-supports/elements.php
- Size
  
  8KB
- MD5
  
  50f0876b86314533d9d7aca7b534c95c
- SHA1
  
  c767bdea610fe7361f938220aaabad673da1708a
- SHA256
  
  4b4824f55df879fca6e2344a31029ef72c2f2c8ce35c54391381a8636785d846
- SHA512
  
  9312f660e293f8a1e8fd4ea80fceb7269d3fd3eacc5922370e389a2825b1a6a3c0d1bfbf21beb3cb686934ad63afda7de919383aaf14f2f3a396160505e472db
- SSDEEP
  
  192:qeeIPAh4ygKHIDsgLvfJdhg8jHB1904gxgS92RNpcMbkPwqK6UJLAVGPHuHfwji9:qeeIPAh4ygKHIDsgjJdC8jHB19tgxgSD
Score

3^/10

execution
behavioral19
- Target
  
  wordpress/wp-includes/blocks.php
- Size
  
  102KB
- MD5
  
  3860a7fc2267d246697b9b1c0d1b0abe
- SHA1
  
  7967ff2813b318e953825c341704cd8ac3bb6e78
- SHA256
  
  e9e5f8c5af03da4ae8c24393b35eb2a90ad03791cd3857f940ae76e7d619b091
- SHA512
  
  ed20acbefb65b61171853b899135c321a8b99c6a7ae1bf7faed349646dc05222cc5eca0d6e25144165dd0739c6b0a8b0ce0f6b10919cbe3ef79a8639d35e706a
- SSDEEP
  
  3072:yJa27Oq82iq3S1vcfHMfEr//IWixobl1OoWvoTFNmD9fCxfFy:yJa27Oq82iq3S1vcfHMfEr//IWixoblA
Score

3^/10

execution
behavioral20
- Target
  
  wordpress/wp-includes/blocks/categories.php
- Size
  
  3KB
- MD5
  
  a88175d821eaf9b2a41fd0ec7a9bbebd
- SHA1
  
  7cf534f72122d2092907585b66922ca8b582eeda
- SHA256
  
  ca407424809234bbb3c287e6a2dd2dbf613452424c8eca9732659bcf764e1ea2
- SHA512
  
  a0b8af4ecc815dd4022bf410c16a68b5cd3e573dc7cd1245b305ca952f9d7338e36aab87eb36b615d827262ba2611bb32b9c1aed03c098c951213bcbcf6c1c71
Score

3^/10

execution
behavioral21
- Target
  
  wordpress/wp-includes/category-template.php
- Size
  
  55KB
- MD5
  
  f2376cddde3ad8a43dd9e329812ed458
- SHA1
  
  12b0540a19f588ac819d6eaeeca4ce9bcceb0b9a
- SHA256
  
  c8f2ae53edac225c72915fd46acb26ff84bf5148a348a6967016b3ada66c6860
- SHA512
  
  6c8f1a2efa503640500bc0e2af4b14a6663a1880d417ee5478e2d3b0159cbbbc093968ee4ca8c09d76a98120e2706b7c376caa29286ab84ca0b53f998ce5e12a
- SSDEEP
  
  1536:xgy69y6iDSxBcktPRHWFU/3q8VxhorPr7529RYeQYV/:xgy69y6iDSDFyf752/YeQYV/
Score

3^/10

execution
behavioral22
- Target
  
  wordpress/wp-includes/category.php
- Size
  
  12KB
- MD5
  
  f94df0dbbb782fd2b27f0addf6eec2f2
- SHA1
  
  41889d7e286ee1604ecfacff2f608f854d506d36
- SHA256
  
  09f9f91678eef7efb6057ee0f686eede0c18341636d5d935fa14b19562f61f8b
- SHA512
  
  277d61bb19383fc45a7ba02d8f802d481567557385ff8c46a3c2545efb90460736c1c17318abdac4efa2891e021bd3c2afcdf39cc834f60adc81a62fb41a6067
- SSDEEP
  
  192:CsVSaqJ/GDwfdONeWjebTbDTnEigtkTFVWAj5+:CsTYevN7ibTbDThdeAj5+
Score

3^/10

execution
behavioral23
- Target
  
  wordpress/wp-includes/class-json.php
- Size
  
  42KB
- MD5
  
  23c9deb0d142730fe241cd2a872edac6
- SHA1
  
  f60dae52b0dc3c7f02c0da86f23edd80e9213095
- SHA256
  
  c2995f011303ef3fe0a9ac9be7dbb76c9aba7cefe46019e4b7b02d7ed8aacf39
- SHA512
  
  054be3465e9dd20be5ccdf4a9cedefabbb5a11473f53f97b861943f1a5201950aa53e5042c0e5bbae77012ec2485f7ec846cc28652dac4d564c2b439d075bcee
- SSDEEP
  
  768:jK+XRLzwAnIiAxLt4oisu0FBgPSfi3PmiVH:jK+XRXILt4oaR
Score

3^/10

execution
behavioral24
- Target
  
  wordpress/wp-includes/class-phpass.php
- Size
  
  6KB
- MD5
  
  0af5ab8d65492d63d409242eec4e0345
- SHA1
  
  92ce94f6921c6aabefc10ec944ad1b435b1cc3ed
- SHA256
  
  eac68d6268d6704c8ca3195a731a6cc476e6dbfc6a604adb784886e3a0b10221
- SHA512
  
  792abe25c7f40eb452527af8cc3d33b28578852fdefc1f0971ad979b0cb5cd5b9bffeb55d3a37e112df45013a350c2399a76983ae414af6924ba2fdfeac7ba3c
- SSDEEP
  
  192:bLqJHF5ZPPjzaPUsarQakXP0BlkbyuL3TBNp8ox7xyDSIv9s6a:bLqJl5ZP/aPUnruP0BlkbyuLTHPFdz
Score

3^/10

execution
behavioral25
- Target
  
  wordpress/wp-includes/class-pop3.php
- Size
  
  20KB
- MD5
  
  dcde834abb4ee44743a65268d9064e6f
- SHA1
  
  df448f68c72d06145c5958904ee843f46769eed1
- SHA256
  
  6e3f6af68a4c0bf7c82716a008c2a62a560b3ea78d4b2a7b010ef76fa0a09cfe
- SHA512
  
  68fc0964adbe0893823d77f2aaa2420efc7d26627b3692e56677a1a5b3ba3794d7e2409e7915255bfd25ad9873689282ae6149eee0c6ea440f0039152d7c9c3b
- SSDEEP
  
  192:0xEHMpMPw8hTys2fvNCWobPqLya8v2RCyQvyMXKC80NSX/G4Tvt2N660ygUFUyaA:e2Pd2fVn0CmalqqRWuPEbaY9
Score

3^/10

execution
behavioral26
- Target
  
  wordpress/wp-includes/js/swfupload/license.txt
- Size
  
  1KB
- MD5
  
  cbe05bb060c85e07882dc06ff751577a
- SHA1
  
  484721c34462a6d52553eeedda2710d0763192f8
- SHA256
  
  fabfe8dccef11ae5e93f8bdcdb807f4e3d342f07cbb24979bccb35668d78c0d2
- SHA512
  
  601d85b77f52e4c53b370dbf61040281cd8dbec3a0141dd0cf93442c4da2924f0f41919291d9b41f69d952862b781a187139a586802dc4fa75b9e42134b138ec
Score

1^/10
behavioral27
- Target
  
  wordpress/wp-includes/js/thickbox/loadingAnimation.gif
- Size
  
  14KB
- MD5
  
  ce2268030dd2151b63cdf4ffc2f626ba
- SHA1
  
  15280f21eb43f5fa7838dcf011f67d79e301b15f
- SHA256
  
  6a486bb6036ea984d293ab009566e99e522abc19f8833c5fd49630be7eba0135
- SHA512
  
  6164daef98d93dc1878bd776934c013f7e750cf7ef45959c17f12c0251c89fb0bca26ffe0d2c1defecc8881105a42cca0e61459a2a57639e75f26458301c67dc
- SSDEEP
  
  384:4THgxWfUWshZ7ytfidOv7xrfo1bl2nklWYvYyDjqbRGpUPsTR:4TAxWfUWsL788Ov7x0bl2kxYyDmbRGiy
Score

3^/10

discovery
behavioral28
- Target
  
  wordpress/wp-includes/js/thickbox/macFFBgHack.png
- Size
  
  94B
- MD5
  
  189217c8b067ef86add757922c2f75b4
- SHA1
  
  d31c95932aaa40a5dafb077fdb835e020584d8f1
- SHA256
  
  8acef2f4c6b1aac2fa69ad3f4955fbcedf4d95e20d68a4ea433786108bcb03ae
- SHA512
  
  fb680beecd7f426cd41449c3495281c1643ddbe672ab7848910f7703de17ce9d72f866a5958a62ff4e55502a7d7a07e08ade38972587046f99e3bb9b51fe89af
Score

3^/10
behavioral29
- Target
  
  wordpress/wp-includes/js/thickbox/thickbox.css
- Size
  
  2KB
- MD5
  
  37faeb50ef52da086e0f8c2c289e66d4
- SHA1
  
  3b273af579e5e5fa7c276c32028abd6df566a995
- SHA256
  
  b390a3efe231d9f38b3a706a5765a2a2f0817e761f60a27556171e9a276980e3
- SHA512
  
  c0edf75494d1c97d351fd9c7b83f5d024ed4f7a6c74b6ae963745ee0dfc1b8642bfcc01ac2e9d8a8e556d92778118837f1bbfdb235109b3407d61ac0e72e0a82
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral30
- Target
  
  wordpress/wp-includes/js/tinymce/license.txt
- Size
  
  25KB
- MD5
  
  6f9589e0c8df783acd1760d203bafffa
- SHA1
  
  0ca61022fd17d365f122ff90132ee1320b7f2ac8
- SHA256
  
  47a9dcd2574891a5a465112fd9dfcebcc7e61844edec27fa936a64642008fe66
- SHA512
  
  5ad4a54d541547e10f5bbcfc9902fa103f8e8689659c39acaea94687761f51f375946704ac59884c50c84da0f743b2b2a4aefaa164efa971ba44e03170ef4a6c
- SSDEEP
  
  384:LE56OuAbn/0U1+f6wFDVxnF+7xqsvLt+z/k8E9HinIVFkspWM9bc7opU0MZuQy:LE5trb+rnFCL1leSWmc7kUNZuQy
Score

1^/10
behavioral31
- Target
  
  wordpress/wp-includes/js/tinymce/plugins/compat3x/css/dialog.css
- Size
  
  7KB
- MD5
  
  aa77790f42e50f03b4ef956fc37cedd8
- SHA1
  
  872d5e2ae1e7b527619d4925123f6f8005bd696e
- SHA256
  
  48ff43089a1058bc227a219ede4a08ff89a20fdcebd07a916d508d7636caae31
- SHA512
  
  116aea0eb6fd5827e44de294b7c6d79c8cfdcc282bff6aa1f8ac9d77ffe829e8f380a3c3d248c5c40d339b437d4d50188ea88eb691a121cfc45e4c2e0a6da20c
- SSDEEP
  
  192:+ev/3YPmBD0Op9O654qZbL4AUqXSN4FuIlIIRln:LW6pb8AJXSN4g4rRln
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Checks computer location settings

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32