PRMS_822004851.zip

General

Target: PRMS_822004851.zip

Size: 89KB

Sample: 211014-fne1ksgahl

Score: 10/10

MD5: d1900635575b55cec4bd6d65f76933a3

SHA1: d581aabf5e91d6b28fcaac1ea0f4f00407626d18

SHA256: aab608f07f33eb9a5c6e673b32cfdccaf8034842dd607b51f9ddc3556be04fc0

SHA512: 149b9ae4175b6e751d0aebaf520f114489fea19adc67f5c2922c8b88b6ccae09df850acf96aca114d5c533345b192365a485113d784b26bd67aa54e40bc7171c

Malware Config

Extracted

Language: xlm4.0

Source / URLs (xlm40.dropper):

http://190.14.37.220/44483.2933152778.dat

http://23.106.125.233/44483.2933152778.dat

http://178.23.190.199/44483.2933152778.dat

Extracted

Language: xlm4.0

Source / URLs (xlm40.dropper):

http://190.14.37.220/44483.2101575231.dat

http://23.106.125.233/44483.2101575231.dat

http://178.23.190.199/44483.2101575231.dat

Targets

Target: PRMS_822004851.xls

MD5: 0fabeef31b401b43f6dad8a373d55d4a

Filesize: 134KB

Score: 10/10

SHA1: f42f36c2fbf269bba7db101991e1a5be2c185b64

SHA256: 4ff4e135e3c8f23427763b635c0b38e3d7a4957e8ded530bbc1ded32c156c4c4

SHA512: 69ee8d329595ae8630543a9cc4ecc82e1152b9816db02df8b2794fb786b0992f4d52250dfb9f56b93f6cbdbdc7068433dbbc45869bcd86aab1a0b02e5a1dbc85

Signatures

  • Process spawned unexpected child process

    Description: This typically indicates the parent process was compromised via an exploit or macro.

Related Tasks

MITRE ATT&CK Matrix

Tactic columns (no techniques mapped in this report): Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1: 8/10

behavioral1: 10/10

behavioral2: 10/10