General

  • Target

    29b92c44c5a8d6f93bdd18fee934f94a9b30c04670c2a7648da7bb7a2b875b1e

  • Size

    357KB

  • Sample

    220329-tw9rtagbg8

  • MD5

    529c87179e723fd839f4a355c7857d55

  • SHA1

    443cf660b2561ff6d52ff76d2ec126b882b659e9

  • SHA256

    29b92c44c5a8d6f93bdd18fee934f94a9b30c04670c2a7648da7bb7a2b875b1e

  • SHA512

    995aa497406860bbad2c2e119c62919c6f7e5f80a355ab7545699654c049183871d32cee1e3c1ab16e52fb71ba29af4639f9abdb6b511d7136aadd310572c6b7

Score
10/10

Malware Config

Extracted

  Language: xlm4.0
  Source: xlm40.dropper
  URLs: http://i.sfu.edu.ph/ds/161120.gif

Targets

    • Target

      29b92c44c5a8d6f93bdd18fee934f94a9b30c04670c2a7648da7bb7a2b875b1e

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation