71243aa303a229d55c0f78decfffc631a40524f309bda645fda46fa0a9d55b56 | Triage

Sharing

General

Target

71104249411-05132021.zip
Size

150KB
Sample

210513-yg8kjvjkl2
MD5

b3b041f438fe3f44cc0a566dee91e44f
SHA1

3ef91622ffc97e03f5e9d8617ec9c6e847219f01
SHA256

71243aa303a229d55c0f78decfffc631a40524f309bda645fda46fa0a9d55b56
SHA512

8bfe7206f5f193cf24acce39d4d2cabfd1ac780f01633e727f047026a7865134f123a754e879d54cb59c00ce0bcb1acb50a308b2e6fa0623ee9b68b79f8ec8d9

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://91.211.91.85/44329.6777201389.dat

xlm40.dropper

http://190.14.37.65/44329.6777201389.dat

xlm40.dropper

http://185.14.29.217/44329.6777201389.dat

Targets

- Target
  
  71104249411-05132021.xlsm
- Size
  
  197KB
- MD5
  
  84821ed2ca0bd77624d0c82b7aaf01d7
- SHA1
  
  bb5bb5e57bd1daa6633ef86bb13c077f1bf30fc8
- SHA256
  
  179a0be3b59ab9d37abc006ccca6a8b394b83ffdce38bf506b8ea75c16bc313a
- SHA512
  
  c2a78586a4c3bc59d57b8ac7a4a3d4ca199ab65eb208f9e86aad3d0533aa2beb4684cb9856f7f1fa1e5bc744661b50d17b7a4e177f0de425727baf00222d3095
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2