d52a9041aee8e5323880334d19970c99af44351485a6cbb235b154c30cd01f4f | Triage

Sharing

General

Target

d52a9041aee8e5323880334d19970c99af44351485a6cbb235b154c30cd01f4f
Size

46KB
Sample

241119-xgtzlavnan
MD5

58ac1d39939864155103df5a68818ff0
SHA1

1a687e31faeafe4d411abfb8cceeca46430c258d
SHA256

d52a9041aee8e5323880334d19970c99af44351485a6cbb235b154c30cd01f4f
SHA512

dbf4224c2edf22e4c4203b90df6596487e83e88c6d769746d34f107c7c3db1311e38a04d4d1ff3096abf0a68151b11bbe55e1a05a152a61ec19b9fd14c2f0bd6
SSDEEP

768:hDMPKpb8rGYrMPe3q7Q0XV5xtezE8vpI8UM+V2Ps7ZUqEp6Lkvuhu:hYKpb8rGYrMPe3q7Q0XV5xtezE8vG8UA

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://worldmedicsky.info/matsumoto-/Tv2IOGr2p/

xlm40.dropper

http://www.zvdesign.info/components/OFBzyGyPSJQamODF4S/

xlm40.dropper

http://ftp.yuecmr.org/wp-content/EoHM9Z73mGN43lp60x/

Targets

- Target
  
  d52a9041aee8e5323880334d19970c99af44351485a6cbb235b154c30cd01f4f
- Size
  
  46KB
- MD5
  
  58ac1d39939864155103df5a68818ff0
- SHA1
  
  1a687e31faeafe4d411abfb8cceeca46430c258d
- SHA256
  
  d52a9041aee8e5323880334d19970c99af44351485a6cbb235b154c30cd01f4f
- SHA512
  
  dbf4224c2edf22e4c4203b90df6596487e83e88c6d769746d34f107c7c3db1311e38a04d4d1ff3096abf0a68151b11bbe55e1a05a152a61ec19b9fd14c2f0bd6
- SSDEEP
  
  768:hDMPKpb8rGYrMPe3q7Q0XV5xtezE8vpI8UM+V2Ps7ZUqEp6Lkvuhu:hYKpb8rGYrMPe3q7Q0XV5xtezE8vG8UA
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2