SecuriteInfo.com.Heur.15528.14839

General
Target

SecuriteInfo.com.Heur.15528.14839

Size

91KB

Sample

210222-1rhcm1p6ke

Score
10 /10
MD5

5a75c6184001a6b8785206f1e2121290

SHA1

b3ec9fbcc5e96c45e74d503210a51a7ee5ce8132

SHA256

c71bd3833fbb10cd2f845c83a6ed957f3243990de48a74b4d5cf1602303f4bb1

SHA512

d1d29f02ae53f7fe04ebab4e628d0e30f0f9f4c1bbe58ef3eed9bc3f44d0b2af4b8df2b81fbcd75ba083f77c52a7827cbb6b089382f3d8c9d6aae12bf8cf2760

Malware Config

Extracted

Language xlm4.0
Source
URLs
xlm40.dropper

https://pg.happyslot88.cc/ds/2202.gif

Targets
Target

SecuriteInfo.com.Heur.15528.14839

MD5

5a75c6184001a6b8785206f1e2121290

Filesize

91KB

Score
10 /10
SHA1

b3ec9fbcc5e96c45e74d503210a51a7ee5ce8132

SHA256

c71bd3833fbb10cd2f845c83a6ed957f3243990de48a74b4d5cf1602303f4bb1

SHA512

d1d29f02ae53f7fe04ebab4e628d0e30f0f9f4c1bbe58ef3eed9bc3f44d0b2af4b8df2b81fbcd75ba083f77c52a7827cbb6b089382f3d8c9d6aae12bf8cf2760

Signatures

  • Process spawned unexpected child process

    Description

    This typically indicates the parent process was compromised via an exploit or macro.

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
        Execution
          Exfiltration
            Impact
              Initial Access
                Lateral Movement
                  Persistence
                    Privilege Escalation
                      Tasks

                      static1

                      8/10

                      behavioral1

                      10/10

                      behavioral2

                      10/10