486011410d80fc17aaa070ed2bbb0367419b79fb77da01d503f84fad4dffe342 | Triage

Sharing

General

Target

486011410d80fc17aaa070ed2bbb0367419b79fb77da01d503f84fad4dffe342
Size

46KB
Sample

241120-2wd9xavdnh
MD5

8b65052cfc75035cea9fa038e3da2a54
SHA1

620871171c230d38bc48614992f4eb7366f41287
SHA256

486011410d80fc17aaa070ed2bbb0367419b79fb77da01d503f84fad4dffe342
SHA512

1e1e8ffb6fd4705da82eeff11f37216a11d2ee903f9174de8836fe0b1a7da7bb8d920cb18d1622d58909eee517d627172b26cc1a09837ce80b21140a31448f97
SSDEEP

768:pDMPKpb8rGYrMPe3q7Q0XV5xtezE8vpI8UM+VQTUs77quK7KtGu6w:pYKpb8rGYrMPe3q7Q0XV5xtezE8vG8UW

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://zktecovn.com/wp-admin/xxfnYY4zwOpFOgu3g1t/

xlm40.dropper

http://zacharywythe.com/pb_index_bak/SkEGB2c/

xlm40.dropper

http://zonainformatica.es/aspnet_client/pVcppgi00Dk/

Targets

- Target
  
  486011410d80fc17aaa070ed2bbb0367419b79fb77da01d503f84fad4dffe342
- Size
  
  46KB
- MD5
  
  8b65052cfc75035cea9fa038e3da2a54
- SHA1
  
  620871171c230d38bc48614992f4eb7366f41287
- SHA256
  
  486011410d80fc17aaa070ed2bbb0367419b79fb77da01d503f84fad4dffe342
- SHA512
  
  1e1e8ffb6fd4705da82eeff11f37216a11d2ee903f9174de8836fe0b1a7da7bb8d920cb18d1622d58909eee517d627172b26cc1a09837ce80b21140a31448f97
- SSDEEP
  
  768:pDMPKpb8rGYrMPe3q7Q0XV5xtezE8vpI8UM+VQTUs77quK7KtGu6w:pYKpb8rGYrMPe3q7Q0XV5xtezE8vG8UW
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2