04e761489828266245914d1a048b8a9c0632cad23f775c50d83a4173126cb3d8 | Triage

Sharing

General

Target

04e761489828266245914d1a048b8a9c0632cad23f775c50d83a4173126cb3d8
Size

46KB
Sample

241119-wxaefsyrhw
MD5

b53e9f5d085488c2c16b3d40f8e3dc22
SHA1

31d91c910bdd2d03e680e184d1f8b31c8c8711bd
SHA256

04e761489828266245914d1a048b8a9c0632cad23f775c50d83a4173126cb3d8
SHA512

3d7dcb1f8a5e7be093e584dc188bfd1aa52f744cc991e40c403457124e044285cced20d72ae658a206011a43c92b9521930be1169f36302df1bbc24e7d7c02f3
SSDEEP

768:pDMPKpb8rGYrMPe3q7Q0XV5xtezE8vpI8UM+VgTBs7QqvZQ4tsdurr:pYKpb8rGYrMPe3q7Q0XV5xtezE8vG8Ur

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://202.29.80.55/2021/z/

xlm40.dropper

http://23.239.12.243/dealspot/SvebxVmFucz/

xlm40.dropper

https://adviceme.gr/test/SSzbOkk633/

Targets

- Target
  
  04e761489828266245914d1a048b8a9c0632cad23f775c50d83a4173126cb3d8
- Size
  
  46KB
- MD5
  
  b53e9f5d085488c2c16b3d40f8e3dc22
- SHA1
  
  31d91c910bdd2d03e680e184d1f8b31c8c8711bd
- SHA256
  
  04e761489828266245914d1a048b8a9c0632cad23f775c50d83a4173126cb3d8
- SHA512
  
  3d7dcb1f8a5e7be093e584dc188bfd1aa52f744cc991e40c403457124e044285cced20d72ae658a206011a43c92b9521930be1169f36302df1bbc24e7d7c02f3
- SSDEEP
  
  768:pDMPKpb8rGYrMPe3q7Q0XV5xtezE8vpI8UM+VgTBs7QqvZQ4tsdurr:pYKpb8rGYrMPe3q7Q0XV5xtezE8vG8Ur
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2