General

  • Target

    dff66092a593a2528782e9b42f712e8717cf8cd5e42348d13f9e907839b0cf53

  • Size

    70KB

  • Sample

    241111-w4trnstdkh

  • MD5

    e04410635f9f250d5846ab9ae13eb99f

  • SHA1

    940d2131c042ee644de0608d438ea5d589623b26

  • SHA256

    dff66092a593a2528782e9b42f712e8717cf8cd5e42348d13f9e907839b0cf53

  • SHA512

    cbe7b4116ad167cead3d8e68fa0bb12772cee5bb50ca587f8150d32c8a77daa9eb0a3d624c0c3a9d6c8070d054a8d3785b21e623528912f27bc3ba75a009fd13

  • SSDEEP

    1536:OhKpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+/+hDcnTLiQrRTZws8E7K:uKpb8rGYrMPe3q7Q0XV5xtezE8vG8UMF

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    https://prprofile.com/wp-admin/CIqrvgYsvBiBlIM/
    https://retardantedefuegoperu.com/slider/rFhAa78/
    http://survei.absensi.net/cc-content/YCcjkOA3ijYNu46Y/
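The three URLs are the download stages the Excel 4.0 (XLM) macro reaches out to, and the hashes identify the dropper document itself. The practical next step is to turn this listing into indicators that can be blocked and shared, and to sanity-check the hash fields before they go into a blocklist. The Python below is an added example written for this page, not the sandbox's own code: it parses the extracted config in the field-per-line form it is exported in (copied inline), validates the hash columns, defangs each URL and emits flat IOC records. The record layout and the `context` field are this example's own choices.

```python
import re
from urllib.parse import urlsplit

# Hash values as printed in the General section above (copied, not recomputed).
REPORT_HASHES = {
    "target": "dff66092a593a2528782e9b42f712e8717cf8cd5e42348d13f9e907839b0cf53",
    "md5": "e04410635f9f250d5846ab9ae13eb99f",
    "sha1": "940d2131c042ee644de0608d438ea5d589623b26",
    "sha256": "dff66092a593a2528782e9b42f712e8717cf8cd5e42348d13f9e907839b0cf53",
    "sha512": "cbe7b4116ad167cead3d8e68fa0bb12772cee5bb50ca587f8150d32c8a77daa9"
              "eb0a3d624c0c3a9d6c8070d054a8d3785b21e623528912f27bc3ba75a009fd13",
}

# The extracted config in its exported form: a field name per line followed by its
# value, and each URL preceded by the extractor tag ("xlm40.dropper") that produced it.
CONFIG_TEXT = """\
Language
xlm4.0
Source
URLs
xlm40.dropper
https://prprofile.com/wp-admin/CIqrvgYsvBiBlIM/
xlm40.dropper
https://retardantedefuegoperu.com/slider/rFhAa78/
xlm40.dropper
http://survei.absensi.net/cc-content/YCcjkOA3ijYNu46Y/
"""

HASH_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def validate_hashes(hashes):
    """Names of fields that are not lowercase hex of the expected length, plus
    'target' if the Target column does not equal the SHA256 (as it should here)."""
    bad = [name for name, length in HASH_LENGTHS.items()
           if not re.fullmatch(rf"[0-9a-f]{{{length}}}", hashes.get(name, ""))]
    if hashes.get("target") != hashes.get("sha256"):
        bad.append("target")
    return bad


def parse_config(text):
    """Parse the Language / Source / URLs listing into a dict."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    cfg = {"language": None, "urls": []}
    i = 0
    while i < len(lines):
        if lines[i] == "Language" and i + 1 < len(lines):
            cfg["language"] = lines[i + 1]
            i += 2
        elif lines[i] == "URLs":
            # Everything after the URLs header comes in (source tag, url) pairs.
            for src, url in zip(lines[i + 1::2], lines[i + 2::2]):
                cfg["urls"].append({"source": src, "url": url})
            break
        else:
            i += 1          # "Source" is a header with no own value; skip it
    return cfg


def defang(url):
    """hxxp(s):// and [.] in the host so the indicator cannot be clicked or auto-linked."""
    p = urlsplit(url)
    host = (p.hostname or "").replace(".", "[.]")
    port = f":{p.port}" if p.port else ""
    query = f"?{p.query}" if p.query else ""
    return f"{p.scheme.replace('http', 'hxxp')}://{host}{port}{p.path}{query}"


def payload_hosts(cfg):
    """Hostnames to feed a DNS or proxy blocklist."""
    return {urlsplit(u["url"]).hostname for u in cfg["urls"]}


def indicators(cfg, hashes):
    """Flat IOC records: one per fixed-length hash, then a url and a domain record per stage."""
    recs = [{"type": t, "value": hashes[t], "context": "dropper document"} for t in HASH_LENGTHS]
    for u in cfg["urls"]:
        recs.append({"type": "url", "value": defang(u["url"]), "context": u["source"]})
        recs.append({"type": "domain", "value": urlsplit(u["url"]).hostname, "context": u["source"]})
    return recs


if __name__ == "__main__":
    assert not validate_hashes(REPORT_HASHES), validate_hashes(REPORT_HASHES)
    for rec in indicators(parse_config(CONFIG_TEXT), REPORT_HASHES):
        print(f"{rec['type']:7} {rec['value']}  ({rec['context']})")
```

Only the fixed-length hashes are checked; the SSDEEP value is a fuzzy hash and is compared with a similarity score rather than for equality, so it is deliberately left out of the validation.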

Targets

    • Target

      dff66092a593a2528782e9b42f712e8717cf8cd5e42348d13f9e907839b0cf53

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
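For an Excel 4.0 macro dropper the parent in question is Excel, since XLM macros execute inside EXCEL.EXE, so the first observable on an endpoint is Excel creating a process it has no business creating. The Python below is an added example written for this page, not the sandbox's own signature logic: it shows the parent/child check behind this signature run over Sysmon-style process-creation events. The field subset, the Office parent set, the benign-child baseline and the LOLBin list are this example's assumptions, and the events are constructed for illustration rather than taken from this sample's run.

```python
import re
from dataclasses import dataclass

# Office hosts for VBA/XLM macros. An Excel 4.0 (xlm4.0) macro executes inside EXCEL.EXE.
OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe", "msaccess.exe"}

# Children Office creates during normal use (assumed baseline; tune per environment).
BENIGN_CHILDREN = {"splwow64.exe", "dw20.exe", "werfault.exe", "excel.exe", "winword.exe"}

# Script hosts and LOLBins that droppers commonly use to fetch or run the next stage.
LOLBINS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe",
           "regsvr32.exe", "rundll32.exe", "certutil.exe", "msiexec.exe", "bitsadmin.exe", "curl.exe"}

# Command-line traits worth escalating: a URL, or a module loaded from a user-writable path.
SUSPICIOUS_ARGS = re.compile(r"https?://|\\(AppData|Temp|ProgramData|Public)\\", re.IGNORECASE)


@dataclass
class ProcessCreate:
    """Minimal Sysmon Event ID 1 shape (assumed field subset)."""
    parent_image: str
    image: str
    command_line: str


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify(ev: ProcessCreate):
    """Alert dict for an Office parent spawning an unexpected child, else None."""
    parent, child = basename(ev.parent_image), basename(ev.image)
    if parent not in OFFICE_PARENTS or child in BENIGN_CHILDREN:
        return None
    reasons = [f"{parent} spawned {child}"]
    severity = "medium"
    if child in LOLBINS:
        severity = "high"
        reasons.append("child is a script host or LOLBin")
    if SUSPICIOUS_ARGS.search(ev.command_line):
        severity = "critical"
        reasons.append("command line references a URL or a user-writable path")
    return {"parent": parent, "child": child, "severity": severity,
            "reasons": reasons, "command_line": ev.command_line}


def detect(events):
    """Run classify() over a stream of process-creation events and keep the alerts."""
    return [a for a in map(classify, events) if a is not None]


# Constructed events for illustration; none are taken from this sample's report.
SAMPLE_EVENTS = [
    ProcessCreate(r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
                  r"C:\Windows\System32\regsvr32.exe",
                  r"regsvr32.exe /s C:\Users\victim\AppData\Local\Temp\update.dll"),
    ProcessCreate(r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
                  r"C:\Windows\splwow64.exe", r"C:\Windows\splwow64.exe 12288"),
    ProcessCreate(r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
                  r"C:\Windows\System32\cmd.exe", r"cmd.exe /c whoami"),
    ProcessCreate(r"C:\Program Files\Google\Chrome\Application\chrome.exe",
                  r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                  r"powershell.exe -nop -c Get-Date"),
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert["severity"].upper(), "-", "; ".join(alert["reasons"]))
```

The benign-child baseline is what keeps this rule from firing on print spooler helpers and crash reporters; build it from your own telemetry rather than trusting the set above. Note that the check is on the parent image, not on the document that was opened, so it also catches the case where the macro runs from a file the mail gateway never saw.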
