e8acd27775be36af0b822c4d151afd1fe699530807744be4b6c0356a7f221602 | Triage

Sharing

General

Target

e8acd27775be36af0b822c4d151afd1fe699530807744be4b6c0356a7f221602
Size

47KB
Sample

241119-xtck3szgnf
MD5

6b9445e8cb9b46e27b9d06714e3f8d75
SHA1

8f602e6fc2e12d67273b7fb8a2bca07835a75554
SHA256

e8acd27775be36af0b822c4d151afd1fe699530807744be4b6c0356a7f221602
SHA512

3baf1778aecff4935af04c2198bff97e9e557595f5de093b605161b68655c1029dce8e2cbc08d88b2e56face6b81367487424cbb31c297fa072f1ba45389a444
SSDEEP

768:4DM52tfQXi8vgLZkTOHkQT51Vp6AwPdM8gQ6JT5X6DGwUdh+pqjeSLjcvLtzrxF6:462tfQXi8vgLZkTOHkQT51Vp6AwPe8go

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://www.escueladecinemza.com.ar/_installation/IBlj/

Targets

- Target
  
  e8acd27775be36af0b822c4d151afd1fe699530807744be4b6c0356a7f221602
- Size
  
  47KB
- MD5
  
  6b9445e8cb9b46e27b9d06714e3f8d75
- SHA1
  
  8f602e6fc2e12d67273b7fb8a2bca07835a75554
- SHA256
  
  e8acd27775be36af0b822c4d151afd1fe699530807744be4b6c0356a7f221602
- SHA512
  
  3baf1778aecff4935af04c2198bff97e9e557595f5de093b605161b68655c1029dce8e2cbc08d88b2e56face6b81367487424cbb31c297fa072f1ba45389a444
- SSDEEP
  
  768:4DM52tfQXi8vgLZkTOHkQT51Vp6AwPdM8gQ6JT5X6DGwUdh+pqjeSLjcvLtzrxF6:462tfQXi8vgLZkTOHkQT51Vp6AwPe8go
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2