General

  • Target

    c5328ed41a29c2fa0205cd6888b16cd9b14dc4d3b6a313e534bbe11ca613630c

  • Size

    53KB

  • Sample

    241111-w7glhssnbt

  • MD5

    68ff5a0cd03a24a4bdd34939f2fce2ff

  • SHA1

    130ecf89ee70c52df8b48817b9b64c53a3f957e1

  • SHA256

    c5328ed41a29c2fa0205cd6888b16cd9b14dc4d3b6a313e534bbe11ca613630c

  • SHA512

    a4528ddb13ad13354ad0393fe4c435238e22519a62f46a950037beac77ca5aa0d237dbc3058f434ba9c2bde603cf636814c68ce9589a2a69a5350ecc2839f5bf

  • SSDEEP

    1536:LPKpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+bSgNeEYL8ECyn:rKpb8rGYrMPe3q7Q0XV5xtezE8vG8UMN

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs (payload download locations extracted from the XLM 4.0 macro dropper)

    • https://newkano.com/wp-admin/66rIsrVwoPKUsjcAs/
    • http://ocalogullari.com/inc/Wcm82enrs8/
    • https://myphamcuatui.com/assets/OPVeVSpO/
    • http://sieuthiphutungxenang.com/old_source/9boJQZpTSdQE/

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v15

Tasks