5eb512924e585833ee9f0111efd74c3e3ced26d8a78db2b71d87bb6c9f684791 | Triage

Sharing

General

Target

5eb512924e585833ee9f0111efd74c3e3ced26d8a78db2b71d87bb6c9f684791
Size

49KB
Sample

220120-zte3babff9
MD5

0bd0bb6e3b99c184dc8b8a58d2b5f58d
SHA1

3fec116f481763a3adc7c4afab067ce8e78e7cea
SHA256

5eb512924e585833ee9f0111efd74c3e3ced26d8a78db2b71d87bb6c9f684791
SHA512

2e176bd2e223410b56ff698445963a83d0eaac73ba324f36341e1f8605acfb6730967c76da078b77b8323ba6708b23ce720351870a57ea42a295f91a7754d2ed

Score

10^/10

macro xlm

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

http://0xb907d607/fer/fe1.html

Targets

- Target
  
  5eb512924e585833ee9f0111efd74c3e3ced26d8a78db2b71d87bb6c9f684791
- Size
  
  49KB
- MD5
  
  0bd0bb6e3b99c184dc8b8a58d2b5f58d
- SHA1
  
  3fec116f481763a3adc7c4afab067ce8e78e7cea
- SHA256
  
  5eb512924e585833ee9f0111efd74c3e3ced26d8a78db2b71d87bb6c9f684791
- SHA512
  
  2e176bd2e223410b56ff698445963a83d0eaac73ba324f36341e1f8605acfb6730967c76da078b77b8323ba6708b23ce720351870a57ea42a295f91a7754d2ed
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2