196e1cd140808b282f46375d3cb6e037dc747d28c7e7f3329dffe2a935e545ed | Triage

Sharing

General

Target

SecuriteInfo.com.Exploit.Siggen3.15300.7304.24796
Size

233KB
Sample

210315-2nmrkgl9hn
MD5

6f2293f8412b0321860df515c79ae447
SHA1

f46a8288e20702e749578fe6f6b4d935a15872df
SHA256

196e1cd140808b282f46375d3cb6e037dc747d28c7e7f3329dffe2a935e545ed
SHA512

58a3c66e790c6461c1ff9661b8baad47cd8f9a4d40f7abe2afdc516fbc46a38dcc1e7d5bb7666c035a5433141182950ebb480108dbc78442e543b3b6f5889695

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://188.127.235.70/44270.8254283565.dat

xlm40.dropper

http://185.82.217.185/44270.8254283565.dat

xlm40.dropper

http://188.127.235.71/44270.8254283565.dat

Targets

- Target
  
  SecuriteInfo.com.Exploit.Siggen3.15300.7304.24796
- Size
  
  233KB
- MD5
  
  6f2293f8412b0321860df515c79ae447
- SHA1
  
  f46a8288e20702e749578fe6f6b4d935a15872df
- SHA256
  
  196e1cd140808b282f46375d3cb6e037dc747d28c7e7f3329dffe2a935e545ed
- SHA512
  
  58a3c66e790c6461c1ff9661b8baad47cd8f9a4d40f7abe2afdc516fbc46a38dcc1e7d5bb7666c035a5433141182950ebb480108dbc78442e543b3b6f5889695
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2