Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

04eca136ab220409c60bf9929b6c91f7512f38b0490af2ce5ba50dc9bf9a65c2
Size

352KB
Sample

230129-x3rrcsag39
MD5

dbefcffa218ce440de3a930ffbbc46ff
SHA1

b14d706a3556d750ff8ea0f4ad41b9b393eaa33c
SHA256

04eca136ab220409c60bf9929b6c91f7512f38b0490af2ce5ba50dc9bf9a65c2
SHA512

6027cb1e0de3635d47aa737ef527708522f20636e5039c2463e15f5b72a2209956ed59e00c584d7175c9211bc0ce9fb4ae5abe1e0f084803d2a646653f78657f
SSDEEP

6144:ATq1jURRRY1QzB8WTXgmKjNNt9MxBJd6E3MsUbsXmR6hSJi6qnh:ui1QzB8WTyjNpMesUbsXmR6hS06qnh

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://powerdust.digital/g

Targets

- Target
  
  04eca136ab220409c60bf9929b6c91f7512f38b0490af2ce5ba50dc9bf9a65c2
- Size
  
  352KB
- MD5
  
  dbefcffa218ce440de3a930ffbbc46ff
- SHA1
  
  b14d706a3556d750ff8ea0f4ad41b9b393eaa33c
- SHA256
  
  04eca136ab220409c60bf9929b6c91f7512f38b0490af2ce5ba50dc9bf9a65c2
- SHA512
  
  6027cb1e0de3635d47aa737ef527708522f20636e5039c2463e15f5b72a2209956ed59e00c584d7175c9211bc0ce9fb4ae5abe1e0f084803d2a646653f78657f
- SSDEEP
  
  6144:ATq1jURRRY1QzB8WTXgmKjNNt9MxBJd6E3MsUbsXmR6hSJi6qnh:ui1QzB8WTyjNpMesUbsXmR6hS06qnh
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Modify Registry

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

behavioral2