General

  • Target

    82e10c3d2609e3cdee2ce4bd3843f2c0b6ca1df3763e2c6423dcda02d8c20f26

  • Size

    95KB

  • Sample

    241111-vj1h2svpfm

  • MD5

    c0d1c4f21544d403e41fd9bf1abbf343

  • SHA1

    a4f8c8659910fee0eeb2657b5c8932b2808f99d3

  • SHA256

    82e10c3d2609e3cdee2ce4bd3843f2c0b6ca1df3763e2c6423dcda02d8c20f26

  • SHA512

    281220f37e4d90ac92da17a3ca4298cc9124fec0c398882a6951f39194567bbb3c7fed09c279952591fd495b199a8c66e382b0fc2c980005ba9200bf1fb0affb

  • SSDEEP

    1536:iFKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgYHuS4hcTO97v7UYdEJmFB2:cKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgk
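Before analysing a sample pulled from a repository, confirm it is the file this report describes. The following is an added example, not part of the sandbox report: it copies the four hash values from the General section above, checks they are well-formed hex of the right length, and compares them against digests computed from file bytes. The input bytes in the test are constructed and will not match the report; SSDEEP is left out because the standard library cannot compute it.

```python
import hashlib

# Hash values copied from the report's General section (SSDEEP omitted:
# it needs the ssdeep library, which is not in the standard library).
REPORT_HASHES = {
    "md5": "c0d1c4f21544d403e41fd9bf1abbf343",
    "sha1": "a4f8c8659910fee0eeb2657b5c8932b2808f99d3",
    "sha256": "82e10c3d2609e3cdee2ce4bd3843f2c0b6ca1df3763e2c6423dcda02d8c20f26",
    "sha512": (
        "281220f37e4d90ac92da17a3ca4298cc9124fec0c398882a6951f39194567bbb"
        "3c7fed09c279952591fd495b199a8c66e382b0fc2c980005ba9200bf1fb0affb"
    ),
}

# Expected hex-digit lengths for each digest algorithm.
EXPECTED_HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def validate_report_hashes(hashes):
    """Return the names of fields that are not well-formed lowercase/uppercase hex
    of the correct length (catches copy/paste truncation in a report)."""
    bad = []
    for name, length in EXPECTED_HEX_LEN.items():
        value = hashes.get(name, "").lower()
        if len(value) != length or any(c not in "0123456789abcdef" for c in value):
            bad.append(name)
    return bad


def digest_all(data):
    """Compute all four digests of the given bytes."""
    return {name: getattr(hashlib, name)(data).hexdigest() for name in EXPECTED_HEX_LEN}


def compare_to_report(data, report=REPORT_HASHES):
    """Per-algorithm comparison of computed digests against the report values."""
    computed = digest_all(data)
    return {name: computed[name] == report[name].lower() for name in report}


def matches_report(data, report=REPORT_HASHES):
    """True only when every hash listed in the report matches the data."""
    return all(compare_to_report(data, report).values())


def verify_file(path, report=REPORT_HASHES):
    """Read a file from disk and verify it against the report."""
    with open(path, "rb") as fh:
        return matches_report(fh.read(), report)


if __name__ == "__main__":
    # Constructed stand-in bytes, not the real sample: expected to mismatch.
    print(compare_to_report(b"constructed placeholder bytes"))
```

Note that the report's Target field equals its SHA256, which is how this sandbox names a submission that was uploaded by hash rather than by file name; a matching SHA256 alone is sufficient for identity, and the weaker MD5/SHA1 values are kept only because other tooling still indexes by them.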

Score
10/10

Malware Config

Extracted

Language: xlm4.0

Source          URLs
xlm40.dropper   https://educacionsanvicentefundacion.com/iplookup/wYEInbaN/
xlm40.dropper   https://www.4monkeys.com/wp-admin/dNAuBEKo/
xlm40.dropper   http://haircutbar.com/cgi-bin/dNfEA5F/
xlm40.dropper   http://gedebey-tvradio.info/wp-includes/T0J9THbd5f2/
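The extracted URLs are the immediately actionable output of this report: they are where the Excel 4.0 macro fetches its next stage. The following is an added example, not part of the report, showing how a practitioner turns them into matchable indicators. It normalises each URL (host lowercased, scheme and trailing slash ignored, query dropped, since droppers commonly retry over http/https and hosts appear in mixed case in logs), produces defanged forms for tickets, and runs the indicators over a few constructed proxy log lines in an assumed `timestamp client method url status` layout. Paths under wp-admin, wp-includes and cgi-bin are typical of compromised legitimate sites, so the example matches on the full URL key and lists hosts separately for analyst review rather than emitting a domain blocklist; that choice is the editor's judgement, not something the report states.

```python
from urllib.parse import urlsplit

# Dropper URLs copied from the report's extracted xlm40.dropper config.
DROPPER_URLS = [
    "https://educacionsanvicentefundacion.com/iplookup/wYEInbaN/",
    "https://www.4monkeys.com/wp-admin/dNAuBEKo/",
    "http://haircutbar.com/cgi-bin/dNfEA5F/",
    "http://gedebey-tvradio.info/wp-includes/T0J9THbd5f2/",
]


def normalize(url):
    """Matching key: (lowercased host, path without trailing slash).
    Scheme, port, query and fragment are deliberately ignored."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    path = parts.path.rstrip("/") or "/"
    return (host, path)


def defang(url):
    """Render a URL as hxxp(s)://host[.]tld so it cannot be clicked by accident."""
    return (url.replace("https://", "hxxps://")
               .replace("http://", "hxxp://")
               .replace(".", "[.]"))


# Lookup table from normalised key back to the indicator as listed in the report.
DROPPER_KEYS = {normalize(u): u for u in DROPPER_URLS}
# Hosts for analyst review (not a blocklist: these may be compromised legitimate sites).
DROPPER_HOSTS = sorted({normalize(u)[0] for u in DROPPER_URLS})


def match_proxy_log(lines):
    """Scan proxy log lines of the assumed form '<ts> <client_ip> <method> <url> <status>'
    and return one hit per line whose URL matches a dropper indicator."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed or truncated line
        ts, client, method, url, status = fields[:5]
        key = normalize(url)
        if key in DROPPER_KEYS:
            hits.append({
                "ts": ts,
                "client": client,
                "method": method,
                "status": status,
                "url": defang(url),
                "ioc": defang(DROPPER_KEYS[key]),
            })
    return hits


# Constructed log lines for demonstration; the client IPs and timestamps are made up.
SAMPLE_PROXY_LOG = [
    "2024-11-11T09:12:01Z 10.0.0.15 GET https://www.4monkeys.com/wp-admin/dNAuBEKo/ 200",
    "2024-11-11T09:12:03Z 10.0.0.15 GET http://haircutbar.com/cgi-bin/dNfEA5F 404",
    "2024-11-11T09:12:05Z 10.0.0.22 GET https://example.com/index.html 200",
    "2024-11-11T09:12:09Z 10.0.0.15 GET https://HAIRCUTBAR.com/cgi-bin/dNfEA5F/?x=1 200",
]

if __name__ == "__main__":
    for hit in match_proxy_log(SAMPLE_PROXY_LOG):
        print(hit)
    print("hosts for review:", DROPPER_HOSTS)
```

The second and fourth constructed lines match despite a missing trailing slash, a different scheme, mixed-case host and an appended query string; all three hits come from the same client, which is the pivot an analyst would take next (the dropper typically walks the list until one URL serves the payload, so a 404 followed by a 200 from the same host set is itself a useful signal).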

Targets

    • Target

      82e10c3d2609e3cdee2ce4bd3843f2c0b6ca1df3763e2c6423dcda02d8c20f26

    • Size

      95KB

    • MD5

      c0d1c4f21544d403e41fd9bf1abbf343

    • SHA1

      a4f8c8659910fee0eeb2657b5c8932b2808f99d3

    • SHA256

      82e10c3d2609e3cdee2ce4bd3843f2c0b6ca1df3763e2c6423dcda02d8c20f26

    • SHA512

      281220f37e4d90ac92da17a3ca4298cc9124fec0c398882a6951f39194567bbb3c7fed09c279952591fd495b199a8c66e382b0fc2c980005ba9200bf1fb0affb

    • SSDEEP

      1536:iFKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgYHuS4hcTO97v7UYdEJmFB2:cKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgk

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro. Here the extracted configuration identifies an Excel 4.0 (XLM) macro dropper, so the macro itself is the likely origin of the child process; the report does not name the parent or child image.
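The signature above is the sandbox equivalent of a parent/child process rule. The following is an added example, not code from the sandbox or the report: a detection that flags Office parents spawning children they have no business launching, run over a few constructed Sysmon-style process-creation events encoded as JSON lines. The report does not say which parent or child fired the signature, so the Office parent set, the suspicious-child set, and the benign exceptions (such as the print helper splwow64.exe) are the editor's assumptions, chosen to cover the common macro and exploit launch chains.

```python
import json

# Assumed sets: the report does not identify the actual parent or child.
OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}
# LOLBins and interpreters that a macro or exploit typically hands off to.
SUSPICIOUS_CHILDREN = {
    "cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "regsvr32.exe", "rundll32.exe", "certutil.exe", "msiexec.exe",
}
# Children Office launches legitimately; excluded to keep the rule low-noise.
BENIGN_CHILDREN = {"splwow64.exe", "werfault.exe"}


def image_name(path):
    """Last component of a Windows or POSIX path, lowercased."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify(event):
    """Return an alert dict for an Office parent spawning an unexpected child, else None.
    Severity is 'high' for a known LOLBin child and 'medium' for any other child."""
    parent = image_name(event.get("parent_image", ""))
    child = image_name(event.get("image", ""))
    if parent not in OFFICE_PARENTS or child in BENIGN_CHILDREN:
        return None
    severity = "high" if child in SUSPICIOUS_CHILDREN else "medium"
    return {
        "severity": severity,
        "parent": parent,
        "child": child,
        "pid": event.get("pid"),
        "cmdline": event.get("command_line", ""),
    }


def detect(lines):
    """Run classify() over JSON-lines process-creation events; skips unparsable lines."""
    alerts = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        alert = classify(event)
        if alert:
            alerts.append(alert)
    return alerts


# Constructed events for demonstration; paths, PIDs and command lines are made up.
SAMPLE_EVENTS = [
    '{"pid": 4120, "image": "C:\\\\Windows\\\\System32\\\\regsvr32.exe", '
    '"parent_image": "C:\\\\Program Files\\\\Microsoft Office\\\\root\\\\Office16\\\\EXCEL.EXE", '
    '"command_line": "regsvr32.exe /s C:\\\\Users\\\\Public\\\\stage.dll"}',
    '{"pid": 4133, "image": "C:\\\\Windows\\\\splwow64.exe", '
    '"parent_image": "C:\\\\Program Files\\\\Microsoft Office\\\\root\\\\Office16\\\\EXCEL.EXE", '
    '"command_line": "splwow64.exe 8192"}',
    '{"pid": 4150, "image": "C:\\\\Windows\\\\System32\\\\cmd.exe", '
    '"parent_image": "C:\\\\Windows\\\\explorer.exe", "command_line": "cmd.exe"}',
    '{"pid": 4161, "image": "C:\\\\Windows\\\\System32\\\\notepad.exe", '
    '"parent_image": "C:\\\\Program Files\\\\Microsoft Office\\\\root\\\\Office16\\\\WINWORD.EXE", '
    '"command_line": "notepad.exe readme.txt"}',
    'not json at all',
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

The first constructed event (EXCEL.EXE launching regsvr32.exe) is the shape of chain this signature describes and scores high; the print helper and the explorer-launched cmd.exe are ignored; WINWORD.EXE launching notepad.exe is still reported at medium severity because an Office process spawning anything outside its known helpers deserves a look, even when the child is not a known LOLBin.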

MITRE ATT&CK Enterprise v15

Tasks