a74da8649fea66330816220b40520f3c1325f9ba993eef1f7cab6bf389fff6f6

Resubmissions

13-03-2021 14:11

210313-2axtd6t3cx 10

13-03-2021 14:08

210313-sjyj8z7kcs 10

Sharing

Copy URL

Twitter E-mail

General

Target

5446284463603712.zip
Size

54KB
Sample

210313-sjyj8z7kcs
MD5

dc65b741644447243c1982b676599e61
SHA1

38f806e171ded0c723c62cbf719ed622ce2c99b9
SHA256

a74da8649fea66330816220b40520f3c1325f9ba993eef1f7cab6bf389fff6f6
SHA512

0b8d4ee2bee3834e012adde25728325ba3a8d2c7e0686d7c09ea26ccfde392969ca7420a0d7f1ab638b2c1da3eb80cadc99db538eaa63738f0bc888d2c62a54f

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://195.123.220.67/44268.6285018519.dat

xlm40.dropper

http://45.150.67.127/44268.6285018519.dat

xlm40.dropper

http://181.215.47.82/44268.6285018519.dat

xlm40.dropper

http://reynare.com/sbazaa/44268.6285018519.dat

xlm40.dropper

http://hosting152231.a2e16.netcup.net/zhrzoxxo/44268.6285018519.dat

Targets

- Target
  
  2b5c81678f0dcf599ccb6233e6e7cdf5188e80e7628e2ca831a14b4002a95025
- Size
  
  277KB
- MD5
  
  1948bc3b2bf65c03c43a8ce5cac48dcf
- SHA1
  
  51b3a92fae730691ebe98542a328446c703aa74a
- SHA256
  
  2b5c81678f0dcf599ccb6233e6e7cdf5188e80e7628e2ca831a14b4002a95025
- SHA512
  
  566157b6bc604c0076340c62c58d2f1591520e81fa3d41b952b44b5ecf9a104895414bc3407310ab740f2537d3d70ab0840a5010f0f5eb9af0c7bf46a8f61ddf
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Process spawned unexpected child process

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2