ce868c3cd85acb99df28599fec809e3af99292f996755dbad8038118201bedd0 | Triage

Sharing

General

Target

CE868C3CD85ACB99DF28599FEC809E3AF99292F996755DBAD8038118201BEDD0
Size

217KB
Sample

221123-r2hjeadb2s
MD5

e98525ed6bbd581d1af240f519c9d69e
SHA1

590bf50a76eb3e327b37dd80f875461707eb0a61
SHA256

ce868c3cd85acb99df28599fec809e3af99292f996755dbad8038118201bedd0
SHA512

fca5f1f578512ce409548a6b741586452da9ac1deb424c07a050d99b3d2f34d348ee7c1d6e6335a057589498d67503e231350982da44c9e315ca22f7a8eead2a
SSDEEP

6144:OKpb8rGYrMPe3q7Q0XV5xtuEsi8/dgzyY+TAQXTHGUMEyP5p6f5jQmg:WbGUMVWlbg

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://atlantia.sca.org/php_fragments/D8Nwm2F80BL4s/

xlm40.dropper

https://amorecuidados.com.br/wp-admin/t3D/

xlm40.dropper

http://aibwireless.com/cgi-bin/zR2mG25Ssk8dH/

xlm40.dropper

http://thuybaohuy.com/wp-content/u3MJwXSP9tmiaTCyZD/

Targets

- Target
  
  CE868C3CD85ACB99DF28599FEC809E3AF99292F996755DBAD8038118201BEDD0
- Size
  
  217KB
- MD5
  
  e98525ed6bbd581d1af240f519c9d69e
- SHA1
  
  590bf50a76eb3e327b37dd80f875461707eb0a61
- SHA256
  
  ce868c3cd85acb99df28599fec809e3af99292f996755dbad8038118201bedd0
- SHA512
  
  fca5f1f578512ce409548a6b741586452da9ac1deb424c07a050d99b3d2f34d348ee7c1d6e6335a057589498d67503e231350982da44c9e315ca22f7a8eead2a
- SSDEEP
  
  6144:OKpb8rGYrMPe3q7Q0XV5xtuEsi8/dgzyY+TAQXTHGUMEyP5p6f5jQmg:WbGUMVWlbg
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2