16b9606947d887d8c248a56462f7cfc4fb359a71e40671c03521a68f577a7663 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

16b9606947d887d8c248a56462f7cfc4fb359a71e40671c03521a68f577a7663
Size

88KB
Sample

240902-1wpvzazapa
MD5

3d278e0411ced0e1e4bb927dc8f7f08a
SHA1

e2326ad0326a5d5de464b3486512f4dbbcdf877a
SHA256

16b9606947d887d8c248a56462f7cfc4fb359a71e40671c03521a68f577a7663
SHA512

aad1a38c5b4620202f93fbcdde6624b14d9fa2bf33ac6a92bc7ec6bf2bf12fb975971a4b4465ad35aa882485a7d4bece42235eed6f3a148b90f957874e488dfe
SSDEEP

1536:j5Kpb8rGYrMPe3q7Q0XV5xtezEsi8/dgR91vrVmxJiME2GhdD52lZPFu1AOgI+lw:VKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgv

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://sco.com.br/dPB0iPit6f8/b.html

xlm40.dropper

https://brunodinizitatiaia.com.br/eHOVauZU/b.html

xlm40.dropper

https://soccer-assist.co.uk/57IsaduJ/b.html

Targets

- Target
  
  16b9606947d887d8c248a56462f7cfc4fb359a71e40671c03521a68f577a7663
- Size
  
  88KB
- MD5
  
  3d278e0411ced0e1e4bb927dc8f7f08a
- SHA1
  
  e2326ad0326a5d5de464b3486512f4dbbcdf877a
- SHA256
  
  16b9606947d887d8c248a56462f7cfc4fb359a71e40671c03521a68f577a7663
- SHA512
  
  aad1a38c5b4620202f93fbcdde6624b14d9fa2bf33ac6a92bc7ec6bf2bf12fb975971a4b4465ad35aa882485a7d4bece42235eed6f3a148b90f957874e488dfe
- SSDEEP
  
  1536:j5Kpb8rGYrMPe3q7Q0XV5xtezEsi8/dgR91vrVmxJiME2GhdD52lZPFu1AOgI+lw:VKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgv
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2