General

  • Target

    56631e1af321572b4368ea8e7c84083fe8dc69a3f751d85f3945e4dc8224a92a

  • Size

    96KB

  • Sample

    241111-vs5t5a1mhs

  • MD5

    1907c75174509739e7ac28a213703559

  • SHA1

    8fcb5a2c830321cc3437fd075ebcb67c881c0402

  • SHA256

    56631e1af321572b4368ea8e7c84083fe8dc69a3f751d85f3945e4dc8224a92a

  • SHA512

    68260347f44517fe8a92a9bd85644fd8bb23d394cad5c6c4b3e7d7944d08e3a8b83eb73db876bf4e6ed564f64f17a72af9ff5111d0441d489a4bbfea64c4215d

  • SSDEEP

    1536:7kKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg2HuS4hcTO97v7UYdEJmw:IKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgM

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    https://atperson.com/campusvirtual/EOgFGo17w/
    https://eliteturismo.com/phpmailer-old/dafdBxQONtk5Uf9dxll/
    http://atici.net/c/JDFDBMIz/
    http://domesticuif.co.za/libraries/nbnH9dpd/

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
