d6b9ba7711114e7e0fff780f4807474078b897e6e2d68989a63f5cc2a627124b | Triage

Sharing

General

Target

e038e28f7a1788b1135d89552c71b937_JaffaCakes118
Size

36KB
Sample

241211-g23jga1jbs
MD5

e038e28f7a1788b1135d89552c71b937
SHA1

f88bd72d4d3f40c9abccfb885775bdf3e934f729
SHA256

d6b9ba7711114e7e0fff780f4807474078b897e6e2d68989a63f5cc2a627124b
SHA512

fe565e834e1c92247f97c4ca98e490f0ef5bb5915ae469c8ff768fac69fd8c8d6241f51e3fea3a0301d7bff86a93b6e4198ed25c6a94bba4e4e4cce43e0e1139
SSDEEP

768:cPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJxAusmLqbfls:Iok3hbdlylKsgqopeJBWhZFGkE+cL2Na

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://markens.online/wp-data.php

xlm40.dropper

https://statedauto.com/wp-data.php

Targets

- Target
  
  e038e28f7a1788b1135d89552c71b937_JaffaCakes118
- Size
  
  36KB
- MD5
  
  e038e28f7a1788b1135d89552c71b937
- SHA1
  
  f88bd72d4d3f40c9abccfb885775bdf3e934f729
- SHA256
  
  d6b9ba7711114e7e0fff780f4807474078b897e6e2d68989a63f5cc2a627124b
- SHA512
  
  fe565e834e1c92247f97c4ca98e490f0ef5bb5915ae469c8ff768fac69fd8c8d6241f51e3fea3a0301d7bff86a93b6e4198ed25c6a94bba4e4e4cce43e0e1139
- SSDEEP
  
  768:cPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJxAusmLqbfls:Iok3hbdlylKsgqopeJBWhZFGkE+cL2Na
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2