21880f86396b4b6cd76cda5069875f99ae2bd05ec9c172bcc1afd4a5c8615fb4 | Triage

Sharing

General

Target

21880f86396b4b6cd76cda5069875f99ae2bd05ec9c172bcc1afd4a5c8615fb4
Size

95KB
Sample

241119-wv1hvszblg
MD5

4acd5c36cc2589db26bad10385e683c9
SHA1

c5523544dae70da2a27647809a27d663327fd025
SHA256

21880f86396b4b6cd76cda5069875f99ae2bd05ec9c172bcc1afd4a5c8615fb4
SHA512

7f83353cedf2aaeb3091bdda8e25e0e55e77507f066b96b6c11bf5ca3ab70e8324d0946d28f66b55cb2d4600551d52f2ce50d859fe8d9bdad32931478b3e4ae5
SSDEEP

1536:UkKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgNHuS4hcTO97v7UYdEJm5:bKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg0

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://fikti.bem.gunadarma.ac.id/SDM/YH8OJ1Zz8miBX/

xlm40.dropper

http://ebuysa.co.za/yt-assets/yZ30/

xlm40.dropper

http://3dstudioa.com.br/files/1ubPAB/

xlm40.dropper

http://boardmart.co.za/images/DvMHPbTLn/

Targets

- Target
  
  21880f86396b4b6cd76cda5069875f99ae2bd05ec9c172bcc1afd4a5c8615fb4
- Size
  
  95KB
- MD5
  
  4acd5c36cc2589db26bad10385e683c9
- SHA1
  
  c5523544dae70da2a27647809a27d663327fd025
- SHA256
  
  21880f86396b4b6cd76cda5069875f99ae2bd05ec9c172bcc1afd4a5c8615fb4
- SHA512
  
  7f83353cedf2aaeb3091bdda8e25e0e55e77507f066b96b6c11bf5ca3ab70e8324d0946d28f66b55cb2d4600551d52f2ce50d859fe8d9bdad32931478b3e4ae5
- SSDEEP
  
  1536:UkKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgNHuS4hcTO97v7UYdEJm5:bKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg0
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2