324ac77fc10576ee2f4d22d75cfef4b40062e69dae7a0095ff66d47c7df9729b | Triage

Sharing

General

Target

2023-03-10-04c8640612e13344dffb70fccddb8ac9_unzipped.bin
Size

60KB
Sample

230311-slyq5abh51
MD5

04c8640612e13344dffb70fccddb8ac9
SHA1

282981b58026f705047e8c8f007f03dbd9839e1d
SHA256

324ac77fc10576ee2f4d22d75cfef4b40062e69dae7a0095ff66d47c7df9729b
SHA512

85094b29a5d473e4a34574af7a12366e977a0ef36246b8d6fef63b35f5b818c3e3a4801130c63e862b571569344f7c672870b222d414c354b712b6e420a64fa1
SSDEEP

1536:tpKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgaDOJiA6Cv/UGLI36yOAZE8q:LKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgx

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://nazreghadir.ir/wp-includes/kaiSEoHGa/

xlm40.dropper

https://mass-gardinen-shop.de/css/AHE8baLiW/

xlm40.dropper

http://kbmpti.filkom.ub.ac.id/config/LdgfVAaCy/

xlm40.dropper

http://www.hangaryapi.com.tr/wp-admin/E1gb6ognvvn8HX/

Targets

- Target
  
  2023-03-10-04c8640612e13344dffb70fccddb8ac9_unzipped.bin
- Size
  
  60KB
- MD5
  
  04c8640612e13344dffb70fccddb8ac9
- SHA1
  
  282981b58026f705047e8c8f007f03dbd9839e1d
- SHA256
  
  324ac77fc10576ee2f4d22d75cfef4b40062e69dae7a0095ff66d47c7df9729b
- SHA512
  
  85094b29a5d473e4a34574af7a12366e977a0ef36246b8d6fef63b35f5b818c3e3a4801130c63e862b571569344f7c672870b222d414c354b712b6e420a64fa1
- SSDEEP
  
  1536:tpKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgaDOJiA6Cv/UGLI36yOAZE8q:LKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgx
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2