General

  • Target

    bc79a58b3cf723521c0cd7eee8c4084f15609a1acd41db09898cf40c2753c3c5

  • Size

    352KB

  • Sample

    230129-x3fn4aag25

  • MD5

    432b05fb9731cb01d37aacbbb1083351

  • SHA1

    27228feb776a3f613fcbc4b6b7df8209197116f7

  • SHA256

    bc79a58b3cf723521c0cd7eee8c4084f15609a1acd41db09898cf40c2753c3c5

  • SHA512

    71c20fefa1606dcae2a3da2d2755bc4c2db804a779d939c0fe0cc740b4841c840f7dbf808faf2c779d75b58194913cac7097e393c1bbe874ddbcf39eefcddff8

  • SSDEEP

    6144:ATq1jURRRY1QzB8WTXgmKjNNt9MxBJd6E3MsUbsXmR6hSJi6qnv:ui1QzB8WTyjNpMesUbsXmR6hS06qnv

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://powerdust.digital/g

Targets

    • Target

      bc79a58b3cf723521c0cd7eee8c4084f15609a1acd41db09898cf40c2753c3c5

    • Size

      352KB

    • MD5

      432b05fb9731cb01d37aacbbb1083351

    • SHA1

      27228feb776a3f613fcbc4b6b7df8209197116f7

    • SHA256

      bc79a58b3cf723521c0cd7eee8c4084f15609a1acd41db09898cf40c2753c3c5

    • SHA512

      71c20fefa1606dcae2a3da2d2755bc4c2db804a779d939c0fe0cc740b4841c840f7dbf808faf2c779d75b58194913cac7097e393c1bbe874ddbcf39eefcddff8

    • SSDEEP

      6144:ATq1jURRRY1QzB8WTXgmKjNNt9MxBJd6E3MsUbsXmR6hSJi6qnv:ui1QzB8WTyjNpMesUbsXmR6hS06qnv

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

        Execution

          Exfiltration

            Impact

              Initial Access

                Lateral Movement

                  Persistence

                    Privilege Escalation

                      Tasks