ba3d443673d9b9b96d6f9d52a19b9a756e300815f1f2af79128cece16a481c25 | Triage

Sharing

General

Target

ba3d443673d9b9b96d6f9d52a19b9a756e300815f1f2af79128cece16a481c25
Size

77KB
Sample

241120-1c14wsykgj
MD5

f7e9453bd7977b415e9020587e4fa6df
SHA1

548442780602838cec644b46497b5bdedd38067c
SHA256

ba3d443673d9b9b96d6f9d52a19b9a756e300815f1f2af79128cece16a481c25
SHA512

1a46c3ba1786ca4024b5515902c058ee64f30ca6595431dc0897e05a31fcafc88a7e65b10e7ef2a197c8cf9fd289d8004f71a0adf20f38dec01638f4aa45ba64
SSDEEP

1536:ASKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgew+hD8nTLqQrRrZws8E6u:LKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg5

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://natdemo.natrixsoftware.com/wp-admin/QyqiN/

xlm40.dropper

http://luisangeja.com/COPYRIGHT/BJljffG6/

xlm40.dropper

http://nerz.net/stats/KVIyooM/

Targets

- Target
  
  ba3d443673d9b9b96d6f9d52a19b9a756e300815f1f2af79128cece16a481c25
- Size
  
  77KB
- MD5
  
  f7e9453bd7977b415e9020587e4fa6df
- SHA1
  
  548442780602838cec644b46497b5bdedd38067c
- SHA256
  
  ba3d443673d9b9b96d6f9d52a19b9a756e300815f1f2af79128cece16a481c25
- SHA512
  
  1a46c3ba1786ca4024b5515902c058ee64f30ca6595431dc0897e05a31fcafc88a7e65b10e7ef2a197c8cf9fd289d8004f71a0adf20f38dec01638f4aa45ba64
- SSDEEP
  
  1536:ASKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgew+hD8nTLqQrRrZws8E6u:LKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg5
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2