6359565cc94bbaeb67f4ead057668000c81da0ef5bb9409f2c3abb7fbf372a3d | Triage

Sharing

General

Target

6359565cc94bbaeb67f4ead057668000c81da0ef5bb9409f2c3abb7fbf372a3d
Size

60KB
Sample

241119-mzx4vsvhrj
MD5

f39002351e4e8f6d38a26f0359a9ae21
SHA1

cc4df3ba4432ac72296b25d230e4adfe3aadb90a
SHA256

6359565cc94bbaeb67f4ead057668000c81da0ef5bb9409f2c3abb7fbf372a3d
SHA512

27fac9df86ce31cbe0b12b47ae5d6f64f3ca145381a8684aa20ca83cd546fd2b8daa441d5277cd6897c43c35cecad54014e4733f6a0317299670b7c0df763e34
SSDEEP

1536:NpKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgUDOJiA6Cv/UGLI36yOAR5N:rKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgQ

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://www.valyval.com/pun/VAYL/

xlm40.dropper

http://cabans.com/CeudWYRQEzZgrHPcI/

xlm40.dropper

http://calzadoyuyin.com/cgj-bin/jZPff/

xlm40.dropper

http://cagranus.com/slide/mcqAFuMhaekn/

Targets

- Target
  
  6359565cc94bbaeb67f4ead057668000c81da0ef5bb9409f2c3abb7fbf372a3d
- Size
  
  60KB
- MD5
  
  f39002351e4e8f6d38a26f0359a9ae21
- SHA1
  
  cc4df3ba4432ac72296b25d230e4adfe3aadb90a
- SHA256
  
  6359565cc94bbaeb67f4ead057668000c81da0ef5bb9409f2c3abb7fbf372a3d
- SHA512
  
  27fac9df86ce31cbe0b12b47ae5d6f64f3ca145381a8684aa20ca83cd546fd2b8daa441d5277cd6897c43c35cecad54014e4733f6a0317299670b7c0df763e34
- SSDEEP
  
  1536:NpKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgUDOJiA6Cv/UGLI36yOAR5N:rKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgQ
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2