b758e63368072bda379034314fd29f05bc38fc380b331e2a91ff23a45c154fd8 | Triage

Sharing

General

Target

c790a44d768c4ae9b9119d61d2903420_JaffaCakes118
Size

318KB
Sample

240828-yxmqwstdld
MD5

c790a44d768c4ae9b9119d61d2903420
SHA1

8e17762b6a9e1dc1e662c8f8b2ab5e5337954ed2
SHA256

b758e63368072bda379034314fd29f05bc38fc380b331e2a91ff23a45c154fd8
SHA512

5b8bd48e0b57927dbeca4cd9e18eb9e4623ca5587c71f7139a12c88fc40276eaf71ec41d2736f1ea3f63e5284f14aff0abc21ea79a91444bd296eb8da233b14c
SSDEEP

6144:mcKoSsxzNDZLDZjlbR868O8KlVH3Be3q7uDphYHceXVhca+fMHLty/xcl8uUM+B6:IeLUIRfUI5uXL6nDJo+

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://mapleleafnetwork.net/ds/1502.gif

Targets

- Target
  
  c790a44d768c4ae9b9119d61d2903420_JaffaCakes118
- Size
  
  318KB
- MD5
  
  c790a44d768c4ae9b9119d61d2903420
- SHA1
  
  8e17762b6a9e1dc1e662c8f8b2ab5e5337954ed2
- SHA256
  
  b758e63368072bda379034314fd29f05bc38fc380b331e2a91ff23a45c154fd8
- SHA512
  
  5b8bd48e0b57927dbeca4cd9e18eb9e4623ca5587c71f7139a12c88fc40276eaf71ec41d2736f1ea3f63e5284f14aff0abc21ea79a91444bd296eb8da233b14c
- SSDEEP
  
  6144:mcKoSsxzNDZLDZjlbR868O8KlVH3Be3q7uDphYHceXVhca+fMHLty/xcl8uUM+B6:IeLUIRfUI5uXL6nDJo+
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2