2a18bc317cccc6ba26d5ea0396578c227c7bafac9e840f9248dc64632e4a5610 | Triage

Sharing

General

Target

2a18bc317cccc6ba26d5ea0396578c227c7bafac9e840f9248dc64632e4a5610
Size

96KB
Sample

241119-x6dzns1arc
MD5

15f453b2cba1c0f1cda08506ebfb51ce
SHA1

19507599ea12a683f16a0c01aa8621d8f210eb27
SHA256

2a18bc317cccc6ba26d5ea0396578c227c7bafac9e840f9248dc64632e4a5610
SHA512

e47dfaf804016ae9454c9bf67d50da532e0649786af6cb679f9810edc987cfbb296b6ea54f4e8358332db03c334f431cd80e3114e7a083e7e0d6c90fe5d7d724
SSDEEP

1536:7kKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg2HuS4hcTO97v7UYdEJm4:IKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg0

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://atperson.com/campusvirtual/EOgFGo17w/

xlm40.dropper

https://eliteturismo.com/phpmailer-old/dafdBxQONtk5Uf9dxll/

xlm40.dropper

http://atici.net/c/JDFDBMIz/

xlm40.dropper

http://domesticuif.co.za/libraries/nbnH9dpd/

Targets

- Target
  
  2a18bc317cccc6ba26d5ea0396578c227c7bafac9e840f9248dc64632e4a5610
- Size
  
  96KB
- MD5
  
  15f453b2cba1c0f1cda08506ebfb51ce
- SHA1
  
  19507599ea12a683f16a0c01aa8621d8f210eb27
- SHA256
  
  2a18bc317cccc6ba26d5ea0396578c227c7bafac9e840f9248dc64632e4a5610
- SHA512
  
  e47dfaf804016ae9454c9bf67d50da532e0649786af6cb679f9810edc987cfbb296b6ea54f4e8358332db03c334f431cd80e3114e7a083e7e0d6c90fe5d7d724
- SSDEEP
  
  1536:7kKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg2HuS4hcTO97v7UYdEJm4:IKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg0
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2