General

  • Target

    9c34a6ff99e4d38fb96471234da55fe5f8eb23f3e80916af6b100876cc55203b

  • Size

    94KB

  • Sample

    240912-1dsh5swbrq

  • MD5

    d81bfc1a9a4fd5687b4ee381701984cd

  • SHA1

    4716403fe1b25667095bd65aabfa087decef8665

  • SHA256

    9c34a6ff99e4d38fb96471234da55fe5f8eb23f3e80916af6b100876cc55203b

  • SHA512

    d5ad0e8b33aae8d6dfc8540812dc1a56b1a15a061ac35b4fc57de19f4146a746e0bf9bced8e0e2e9a9f1efea74d010a2f6db59481b365be0fd8400399a2ceae2

  • SSDEEP

    1536:nFKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg7RHuS4hcTO97v7UYdEJm6m:FKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgW

Score
10/10

Malware Config

Extracted

Language
xlm4.0

Source / URLs

  • xlm40.dropper
    https://ent.draftserver.com/cgi-bin/q0T43kuB3QeVjr9Zn7MB/

  • xlm40.dropper
    http://www.garantihaliyikama.com/wp-admin/rbA4tnGz3iFzA8/

  • xlm40.dropper
    https://www.evosp.com.br/doli/yupRZccN20nUJW4/

  • xlm40.dropper
    https://www.reneetten.nl/Menu/zRiacFs/

Targets

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v15

Tasks