798d228040a2f838593fb8eeb1433db409ae4b84b98eeb4d7e12f12ff6664a7e | Triage

Sharing

General

Target

2022-11-12-e55e292c5eb77635423190a98a89863f_unzipped.bin
Size

91KB
Sample

230302-qp6vssdb33
MD5

e55e292c5eb77635423190a98a89863f
SHA1

517a5845a7e0f7af25366eace0ef15cefcef1ad2
SHA256

798d228040a2f838593fb8eeb1433db409ae4b84b98eeb4d7e12f12ff6664a7e
SHA512

e189460fd12ac5166808e24f4ffe82ab9fa478b274e1eac146d8de2bae8c6ddbe6ca8f59c33c0ee0722898d888a9616d48b7e6f22ca064ae92c5c10ee4df1815
SSDEEP

1536:vKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgHbCXuZH4gb4CEn9J4ZPX5:vKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgl

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://datie-tw.com/img/O8G0RDZj7MYCuJyPoP/

xlm40.dropper

http://sbm.xinmoshiwang.com/upload/VaOfWEb3pW76UO/

xlm40.dropper

https://copunupo.ac.zm/cgi-bin/WFFcGx/

xlm40.dropper

http://ly.yjlianyi.top/wp-admin/4cChao/

Targets

- Target
  
  2022-11-12-e55e292c5eb77635423190a98a89863f_unzipped.bin
- Size
  
  91KB
- MD5
  
  e55e292c5eb77635423190a98a89863f
- SHA1
  
  517a5845a7e0f7af25366eace0ef15cefcef1ad2
- SHA256
  
  798d228040a2f838593fb8eeb1433db409ae4b84b98eeb4d7e12f12ff6664a7e
- SHA512
  
  e189460fd12ac5166808e24f4ffe82ab9fa478b274e1eac146d8de2bae8c6ddbe6ca8f59c33c0ee0722898d888a9616d48b7e6f22ca064ae92c5c10ee4df1815
- SSDEEP
  
  1536:vKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgHbCXuZH4gb4CEn9J4ZPX5:vKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgl
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2