5e3d1eeae424a4599333e894286d36289ed65633ee6d57d7b29af07a3e6ca8ba | Triage

Sharing

General

Target

5e3d1eeae424a4599333e894286d36289ed65633ee6d57d7b29af07a3e6ca8ba
Size

47KB
Sample

241119-ydjvwssakn
MD5

285d817b9912c4f3d3d433e96bb9f0ed
SHA1

2b2daa1bf07a3522da899582d56214ac7cde94b1
SHA256

5e3d1eeae424a4599333e894286d36289ed65633ee6d57d7b29af07a3e6ca8ba
SHA512

32d0cfc21d4a5fe906893d7b28262f10c2b6d7c9120b783ce2f52d93ebe3e5cb4307d9821c1e6d608c13c5fe73322dc1cfb64d1e2eac78e9cc8327a4fc66d99f
SSDEEP

768:4DM52tfQXi8vgLZkTOHkQT51Vp6AwPdM8gQ6JT5X6DGwUdh+pqjeSLjcvLtzrxFK:462tfQXi8vgLZkTOHkQT51Vp6AwPe8gv

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://www.escueladecinemza.com.ar/_installation/IBlj/

Targets

- Target
  
  5e3d1eeae424a4599333e894286d36289ed65633ee6d57d7b29af07a3e6ca8ba
- Size
  
  47KB
- MD5
  
  285d817b9912c4f3d3d433e96bb9f0ed
- SHA1
  
  2b2daa1bf07a3522da899582d56214ac7cde94b1
- SHA256
  
  5e3d1eeae424a4599333e894286d36289ed65633ee6d57d7b29af07a3e6ca8ba
- SHA512
  
  32d0cfc21d4a5fe906893d7b28262f10c2b6d7c9120b783ce2f52d93ebe3e5cb4307d9821c1e6d608c13c5fe73322dc1cfb64d1e2eac78e9cc8327a4fc66d99f
- SSDEEP
  
  768:4DM52tfQXi8vgLZkTOHkQT51Vp6AwPdM8gQ6JT5X6DGwUdh+pqjeSLjcvLtzrxFK:462tfQXi8vgLZkTOHkQT51Vp6AwPe8gv
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2