a9c2f27b0666affc9f3cb78b5d662606cd0cb1be1c1dafd2c260ae229953b7c0 | Triage

Sharing

General

Target

a9c2f27b0666affc9f3cb78b5d662606cd0cb1be1c1dafd2c260ae229953b7c0.xlsx
Size

218KB
Sample

230211-ctltjaea73
MD5

8fbaa780c9336ea8887d8949ed114799
SHA1

726c148c897365be9f482d0dc1fcad6929461acc
SHA256

a9c2f27b0666affc9f3cb78b5d662606cd0cb1be1c1dafd2c260ae229953b7c0
SHA512

53dd882d04aaeded21d57856e9940ad71ce71c409c45d27a8ece5b72e13f5f52386bef984c83edcea62df772ecfba59fcf7729bdb944a4a3d209ba20430353d5
SSDEEP

6144:ik3hOdsylKlgxopeiBNhZF+E+W2kdALyY+TAQXTHGUMEyP5p6f5jQmqi:PbGUMVWlbqi

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://ftp.agir-santeinternationale.com/doctors/KAacngW97n4ApzVBDdGy/

xlm40.dropper

http://www.vinyz.com/admin3693/BDFFgAZ6zBRumcUSG/

xlm40.dropper

http://ly.yjlianyi.top/wp-admin/NRAdJ/

xlm40.dropper

http://www.muyehuayi.com/cmp/Vtm2m7z88g/

Targets

- Target
  
  a9c2f27b0666affc9f3cb78b5d662606cd0cb1be1c1dafd2c260ae229953b7c0.xlsx
- Size
  
  218KB
- MD5
  
  8fbaa780c9336ea8887d8949ed114799
- SHA1
  
  726c148c897365be9f482d0dc1fcad6929461acc
- SHA256
  
  a9c2f27b0666affc9f3cb78b5d662606cd0cb1be1c1dafd2c260ae229953b7c0
- SHA512
  
  53dd882d04aaeded21d57856e9940ad71ce71c409c45d27a8ece5b72e13f5f52386bef984c83edcea62df772ecfba59fcf7729bdb944a4a3d209ba20430353d5
- SSDEEP
  
  6144:ik3hOdsylKlgxopeiBNhZF+E+W2kdALyY+TAQXTHGUMEyP5p6f5jQmqi:PbGUMVWlbqi
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2