74318ee6ddd9a64b1adab9f56d664fc278a3c2256f34e5b2872cf88a7f3ae293 | Triage

Sharing

General

Target

74318ee6ddd9a64b1adab9f56d664fc278a3c2256f34e5b2872cf88a7f3ae293
Size

95KB
Sample

241120-2mmvpavnay
MD5

3ab9d6b675d23446af2b3df65ac8245c
SHA1

2f0650d441f4a6cf4bab258c2ea7d1d35303f691
SHA256

74318ee6ddd9a64b1adab9f56d664fc278a3c2256f34e5b2872cf88a7f3ae293
SHA512

4858f6582682ee2563855219530034622f4bb36ea2e0094e2b4d830db13a9b02c75ad19e1f190d48823974a335379bc2703dcf39f3f6d994ae0b66b315c96331
SSDEEP

1536:PFKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgCHuS4hcTO97v7UYdEJmUr:tKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgy

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://www.sunflowerlaboratory.in/fonts/79Tq62ly/

xlm40.dropper

http://dirigent.co.uk/vardagsekonomi/iC36jJ4J1cf/

xlm40.dropper

http://agtrade.hu/images/kiQYmOs2tSKq/

xlm40.dropper

https://www.zachboyle.com/wp-admin/EA470ZrTGNkuA/

Targets

- Target
  
  74318ee6ddd9a64b1adab9f56d664fc278a3c2256f34e5b2872cf88a7f3ae293
- Size
  
  95KB
- MD5
  
  3ab9d6b675d23446af2b3df65ac8245c
- SHA1
  
  2f0650d441f4a6cf4bab258c2ea7d1d35303f691
- SHA256
  
  74318ee6ddd9a64b1adab9f56d664fc278a3c2256f34e5b2872cf88a7f3ae293
- SHA512
  
  4858f6582682ee2563855219530034622f4bb36ea2e0094e2b4d830db13a9b02c75ad19e1f190d48823974a335379bc2703dcf39f3f6d994ae0b66b315c96331
- SSDEEP
  
  1536:PFKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgCHuS4hcTO97v7UYdEJmUr:tKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgy
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2