General

  • Target

    e7f800ea895ba59a6f2dd486c4b04287

  • Size

    186KB

  • Sample

    231220-tzhshaecc6

  • MD5

    e7f800ea895ba59a6f2dd486c4b04287

  • SHA1

    bdca0cc93e4733dc4926cd7f85a410293d39d2bb

  • SHA256

    c07af723990a19cc946a35efca0b6035129a74b0b9a62462261b164fb591e628

  • SHA512

    850b89777089051417f65a56df5bc0363e6d97ac868f288ee722176f60d4c85716ec92e7ffcc6275541b7492232b71f9842098c50ec1bb0bcfd3e194a1e3aafb

  • SSDEEP

    3072:7cXnM5Dpq6tgBh1fCbX4nhQc+fhwt1YtnGygiB5tpKdAjcS7A:7k4E9NfCbX4nSFhmLc5IGs

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://drive.imaarif.com/logs.php

Targets

    • Target

      e7f800ea895ba59a6f2dd486c4b04287

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
