53f380eea2b27b0934c695591a9038372edd73562be1ee4008a7ac6b83d0d9b2 | Triage

Sharing

General

Target

Document-138395542.zip
Size

494KB
Sample

211021-1g1c6abgbm
MD5

4f07628744993a4c51bf11d0b5a3a6af
SHA1

6e9109d98d5c0fbf4dd9e30565996f07321208a7
SHA256

53f380eea2b27b0934c695591a9038372edd73562be1ee4008a7ac6b83d0d9b2
SHA512

1e3ef8fae948da188ca3677df42bd03a8f38596e4157fc62bff80a35845b2ae1cb11e78ba376bc6e2961d922b03e174556e0854cc8b1f3c24d1ecbe446b711d3

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://190.14.37.244/44490.9823697917.dat

xlm40.dropper

http://194.36.191.35/44490.9823697917.dat

xlm40.dropper

http://178.23.190.8/44490.9823697917.dat

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://190.14.37.244/44490.9015596065.dat

xlm40.dropper

http://194.36.191.35/44490.9015596065.dat

xlm40.dropper

http://178.23.190.8/44490.9015596065.dat

Targets

- Target
  
  Document-138395542.xls
- Size
  
  537KB
- MD5
  
  88d4946e37afc60d707b8182f050a2df
- SHA1
  
  afe97738f786f99a077cf535c1e3770e05b56887
- SHA256
  
  ab30095a5e8e8df5537d543ce27fc11ad889e5949a107816759f7aa6dae1903f
- SHA512
  
  bcf903ee7907ecdbf57e65f87ffb696ed1fa49bfba41d6a8253f89441a9d5494bdde9e17076f7d77bee38da74f1cd02bbc548f12aa54874802f963c84b993d2f
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2