0b04a73276d99fa28e5e26793e8f21ad7fceff49f8a223935956f3f80c7ed67c | Triage

Sharing

General

Target

ebc7abb27c104ae2af0605933854586e_JaffaCakes118
Size

36KB
Sample

241213-q1alqssjdp
MD5

ebc7abb27c104ae2af0605933854586e
SHA1

01580543a2465bbb13f5fa589b5c52cd82484915
SHA256

0b04a73276d99fa28e5e26793e8f21ad7fceff49f8a223935956f3f80c7ed67c
SHA512

4db4b919f51104e8c27d19aeee88cf907c3ac83fdc91636ccbc66fa7cd140958d37f5c3a89217213c11059c80f3932eca58ad681bee2b4c5e195a8026ab39ac4
SSDEEP

768:YPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJJHF6gx/f7dTSXWK:Uok3hbdlylKsgqopeJBWhZFGkE+cL2Nr

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://statedauto.com/wp-data.php

xlm40.dropper

https://markens.online/wp-data.php

Targets

- Target
  
  ebc7abb27c104ae2af0605933854586e_JaffaCakes118
- Size
  
  36KB
- MD5
  
  ebc7abb27c104ae2af0605933854586e
- SHA1
  
  01580543a2465bbb13f5fa589b5c52cd82484915
- SHA256
  
  0b04a73276d99fa28e5e26793e8f21ad7fceff49f8a223935956f3f80c7ed67c
- SHA512
  
  4db4b919f51104e8c27d19aeee88cf907c3ac83fdc91636ccbc66fa7cd140958d37f5c3a89217213c11059c80f3932eca58ad681bee2b4c5e195a8026ab39ac4
- SSDEEP
  
  768:YPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJJHF6gx/f7dTSXWK:Uok3hbdlylKsgqopeJBWhZFGkE+cL2Nr
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2