ce868c3cd85acb99df28599fec809e3af99292f996755dbad8038118201bedd0 | Triage

Sharing

General

Target

CE868C3CD85ACB99DF28599FEC809E3AF99292F996755DBAD8038118201BEDD0
Size

217KB
Sample

221123-r2hjeadb2s
MD5

e98525ed6bbd581d1af240f519c9d69e
SHA1

590bf50a76eb3e327b37dd80f875461707eb0a61
SHA256

ce868c3cd85acb99df28599fec809e3af99292f996755dbad8038118201bedd0
SHA512

fca5f1f578512ce409548a6b741586452da9ac1deb424c07a050d99b3d2f34d348ee7c1d6e6335a057589498d67503e231350982da44c9e315ca22f7a8eead2a
SSDEEP

6144:OKpb8rGYrMPe3q7Q0XV5xtuEsi8/dgzyY+TAQXTHGUMEyP5p6f5jQmg:WbGUMVWlbg

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://atlantia.sca.org/php_fragments/D8Nwm2F80BL4s/

xlm40.dropper

https://amorecuidados.com.br/wp-admin/t3D/

xlm40.dropper

http://aibwireless.com/cgi-bin/zR2mG25Ssk8dH/

xlm40.dropper

http://thuybaohuy.com/wp-content/u3MJwXSP9tmiaTCyZD/

Targets

- Target
  
  CE868C3CD85ACB99DF28599FEC809E3AF99292F996755DBAD8038118201BEDD0
- Size
  
  217KB
- MD5
  
  e98525ed6bbd581d1af240f519c9d69e
- SHA1
  
  590bf50a76eb3e327b37dd80f875461707eb0a61
- SHA256
  
  ce868c3cd85acb99df28599fec809e3af99292f996755dbad8038118201bedd0
- SHA512
  
  fca5f1f578512ce409548a6b741586452da9ac1deb424c07a050d99b3d2f34d348ee7c1d6e6335a057589498d67503e231350982da44c9e315ca22f7a8eead2a
- SSDEEP
  
  6144:OKpb8rGYrMPe3q7Q0XV5xtuEsi8/dgzyY+TAQXTHGUMEyP5p6f5jQmg:WbGUMVWlbg
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2