4fbbd4c9591ac023cd7da6c9e9dd10e173c1e8db7302c424b401b5516ea09588 | Triage

Sharing

General

Target

4fbbd4c9591ac023cd7da6c9e9dd10e173c1e8db7302c424b401b5516ea09588
Size

44KB
Sample

240913-gbt5eaxapl
MD5

d597c69135c764796ccc916a9ed97d8f
SHA1

25bdf2dffd2df9435578eecd4ec560be5ede5678
SHA256

4fbbd4c9591ac023cd7da6c9e9dd10e173c1e8db7302c424b401b5516ea09588
SHA512

51220484fe348f5f99157882799f38e48948dce7bd648cd9913483d3a3a72ca9202628e0fdbf3a4bb24c273c07a3a3b6c9f49972a8a184591d8c2dc280fb4c58
SSDEEP

768:oPXk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJWL6uShYUQgcUcwWNvW1Tpl3ZeT:EXk3hbdlylKsgqopeJBWhZFGkE+cL2Nf

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://gogaurav.com/lkcvjw.php

xlm40.dropper

https://wfduino.com/pcwblt.php

xlm40.dropper

https://susansquires.com/2014-style2.php

xlm40.dropper

https://animalbliss.com/xmlpl.php

Targets

- Target
  
  4fbbd4c9591ac023cd7da6c9e9dd10e173c1e8db7302c424b401b5516ea09588
- Size
  
  44KB
- MD5
  
  d597c69135c764796ccc916a9ed97d8f
- SHA1
  
  25bdf2dffd2df9435578eecd4ec560be5ede5678
- SHA256
  
  4fbbd4c9591ac023cd7da6c9e9dd10e173c1e8db7302c424b401b5516ea09588
- SHA512
  
  51220484fe348f5f99157882799f38e48948dce7bd648cd9913483d3a3a72ca9202628e0fdbf3a4bb24c273c07a3a3b6c9f49972a8a184591d8c2dc280fb4c58
- SSDEEP
  
  768:oPXk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJWL6uShYUQgcUcwWNvW1Tpl3ZeT:EXk3hbdlylKsgqopeJBWhZFGkE+cL2Nf
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2