General

  • Target

    ce17e0dc280e5c0dc0a536777e3980e10d29cef5ab4981ade6d1ddf704e60086

  • Size

    67KB

  • Sample

    241111-t9f2na1hlp

  • MD5

    fa064a655546974315772b0c69cbae45

  • SHA1

    9e00d9e23c3861c9a86e977a659ada32eedfda72

  • SHA256

    ce17e0dc280e5c0dc0a536777e3980e10d29cef5ab4981ade6d1ddf704e60086

  • SHA512

    6634ab2f774a2f25534a80b78cf9894e8be35674b01d9926cdc44a3d3093fae3a1babdba861ae37b7d3488402818684cee23186e5fb55e445c1eb3b5e7cd8ef9

  • SSDEEP

    1536:nVKpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+u9s1a6YG2jzQ0viPvDNHhGtg:VKpb8rGYrMPe3q7Q0XV5xtezE8vG8UMI

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper URLs:

    https://www.melisetotoaksesuar.com/catalog/controller/account/dqfKI/

    http://elamurray.com/athletics-carnival-2018/3UTZYr9D9f/

    http://masyuk.com/581voyze/MlX/

    http://jr-software-web.net/aaabackupsqldb/11hYk3bHJ/

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v15
