General

  • Target: 047243f0092d33f9f63d268b3cb6e664
  • Size: 85KB
  • Sample: 231225-enf27sfda6
  • MD5: 047243f0092d33f9f63d268b3cb6e664
  • SHA1: 128584b0c7d4ece135fa7b538b7a7c0b54934c62
  • SHA256: 322690db73a63eeb3782f1856d98375d81d490385eb94b93772506d33c6cf073
  • SHA512: b2bd43ebfc0462e7cd47943f5d1a49e47ed4197e7fa5543dff02d423bfae0d5160715d4553d6e4d3505839e19a5ef35e0c4845de5969e8192b7bec1274b68ef5
  • SSDEEP: 1536:gDhVxmyaa15pRxrDK341rDmf5TTlMVGoIahaDHTU6hryF70liWWGH0AeW/:wVIyaa1/rDSOmf92sTU2yF70liWW20k

Score
10/10

Malware Config

Extracted

  • Language: xlm4.0
  • Source: xlm40.dropper
  • URLs: http://162.248.227.39/first.php

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v15

Tasks