38b01a12b8dcd39ebdcf9e97772e848237330eb227e1ccee80125564b27377e5

Sharing

Copy URL

Twitter E-mail

General

Target

11f44531fb088d31307d87b01e8eabff.zip.zip
Size

106KB
Sample

240528-2hx5vsfc5z
MD5

0cbede8a169ecbbabd533aa9202d9015
SHA1

6c75c16101b222cdfad0044b30b4c490d3d37097
SHA256

38b01a12b8dcd39ebdcf9e97772e848237330eb227e1ccee80125564b27377e5
SHA512

fc36ef1ee7a689e8ce03da39296958ac18196a25af9366ed5b2c528a9788a4413f5437f56004ca0489ab5ce36bb1b8750e92fed9df9ab36c4043133f5a625f6b
SSDEEP

3072:YNtkdbQ4WhaHRyfBZAzdm+KOH8ogqIi7WbD5PUn6:utmQ4xyfBZAhZKmz7YD5sn6

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://nws.visionconsulting.ro/N1G1KCXA/dot.html

xlm40.dropper

https://royalpalm.sparkblue.lk/vCNhYrq3Yg8/dot.html

Targets

- Target
  
  11f44531fb088d31307d87b01e8eabff.zip.zip
- Size
  
  106KB
- MD5
  
  0cbede8a169ecbbabd533aa9202d9015
- SHA1
  
  6c75c16101b222cdfad0044b30b4c490d3d37097
- SHA256
  
  38b01a12b8dcd39ebdcf9e97772e848237330eb227e1ccee80125564b27377e5
- SHA512
  
  fc36ef1ee7a689e8ce03da39296958ac18196a25af9366ed5b2c528a9788a4413f5437f56004ca0489ab5ce36bb1b8750e92fed9df9ab36c4043133f5a625f6b
- SSDEEP
  
  3072:YNtkdbQ4WhaHRyfBZAzdm+KOH8ogqIi7WbD5PUn6:utmQ4xyfBZAhZKmz7YD5sn6
Score

1^/10
behavioral1 behavioral2
- Target
  
  11f44531fb088d31307d87b01e8eabff.zip
- Size
  
  106KB
- MD5
  
  9458859abfd384f38362af01fb306f14
- SHA1
  
  2f507cca69fa3ef6cd091d27b21e99cfe1b73506
- SHA256
  
  6cec2bf8e5bde0a9d885ca6276d5a3d77affe4225824836a762984e7ecdc8a40
- SHA512
  
  6e839f4c92d2afe50d1feb29be0c72a8b511523cbfa49d99d2379feabdc0e2376c1bf2e3b03782592e5d9a69045913b18795d643e802171040c95c53ccca094c
- SSDEEP
  
  3072:RUehtXqP0AxDUIhAtLlLnmQofdRrHw0DMUHHu:R1tXqP3FsLlLolzHHu
Score

1^/10
behavioral3 behavioral4
- Target
  
  11f44531fb088d31307d87b01e8eabff/iroto.dll
- Size
  
  434KB
- MD5
  
  e03bde4862d4d93ac2ceed85abf50b18
- SHA1
  
  7d7c288a8cf7d4e5f64d616da699712b82760303
- SHA256
  
  055b9e9af987aec9ba7adb0eef947f39b516a213d663cc52a71c7f0af146a946
- SHA512
  
  12e8ef09745a562567dc3d18e3be72dac09120e7756d47d23a605a82499b1ed8ff471578f0f85a35685de13c93f1ad0834a89dce5d136527f731b5e170a520f1
- SSDEEP
  
  12:e9GSG2CTi/FfILQAu//6lgR0FWdzQ2VCARHUwOLe7EEe:e9GSnCTi9ALsQiQ296LG
Score

3^/10
behavioral5 behavioral6
- Target
  
  11f44531fb088d31307d87b01e8eabff/iroto1.dll
- Size
  
  434KB
- MD5
  
  8e6fbefcbac2a1967941fa692c82c3ca
- SHA1
  
  242a7803adb19f638ef62077f1b76756f3a13a0d
- SHA256
  
  e05c717b43f7e204f315eb8c298f9715791385516335acd8f20ec9e26c3e9b0b
- SHA512
  
  bc6dc64fa5bc19f234e3df27f718a50f82f6f086da2cd761d81edda4cf9355b40115279ebc368a0f55cf651405e34988336f9f5c3577ce7a7433971194a7b179
- SSDEEP
  
  12:e9GSG2CTi/FfILQAu//6lgR0FWdzQ2VCARHUwOLe7EEe:e9GSnCTi9ALsQiQ296LG
Score

3^/10
behavioral7 behavioral8
- Target
  
  11f44531fb088d31307d87b01e8eabff/research-1646684671.xls
- Size
  
  648KB
- MD5
  
  b775cd8be83696ca37b2fe00bcb40574
- SHA1
  
  60c8a9fdf2b24f8fb4913d4745a8557df5ff8e07
- SHA256
  
  1df68d55968bb9d2db4d0d18155188a03a442850ff543c8595166ac6987df820
- SHA512
  
  5ad4da8582bec3cc545e322cad2e356f59c4bfa5fe4ca90c0e781dd0e63a7aefbcc27b4045583232e4fdccffbc2bceb832b8d8e9ec3c070cf4b6559ca3c99a72
- SSDEEP
  
  6144:Hknl9oBdySAx76F6XeyTVtW/9Ny9ABnl5/PBgxOHjuM9Mn:jl5/WxIji
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral10 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Process spawned unexpected child process

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10