efcb2242da3692679ecb5065f772aaf7760ed6829390aaabaf07becd88d96c35 | Triage

Sharing

General

Target

efcb2242da3692679ecb5065f772aaf7760ed6829390aaabaf07becd88d96c35
Size

42KB
Sample

241120-3b53kazpcl
MD5

fa71eed42f2b6532e39f9d2bdefdc3f7
SHA1

fa792cfe99005b77c4cb4282fa02b9d75c784626
SHA256

efcb2242da3692679ecb5065f772aaf7760ed6829390aaabaf07becd88d96c35
SHA512

e62ee312623974f9a1bffda5d1eed6ceda4a4f0e7eb1b279be741d78b5082d31076b1c5d27b332e26253bd5e48b83362e7d1d5d892fb2d5fb2bf66b55216d566
SSDEEP

768:TBymkzWmJHVQqfFCfKp+UI5Ydjr0A2E0MXwpUlyBCoTaRcxUc58GUZsXRuFj4Y:TBWzLHThTdB2E0MqUlbEaRW83ZsBuFjl

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://wordpress.xinmoshiwang.com/list/1N5ty/

xlm40.dropper

http://ftp.appleshipstores.com/admin/8rsSDMyJv31SRdz/

xlm40.dropper

http://onaltiyadokuz.net/wp-snapshots/9Fvr0E6cY/

xlm40.dropper

http://cepasvirtual.com.ar/moodle/Lb4gSXE/

Targets

- Target
  
  Change of Address.xls
- Size
  
  91KB
- MD5
  
  30c683519923457efd9422b2eb3f2421
- SHA1
  
  be84a1176ebff85b4790a8fa10cb68c6c8d9c10b
- SHA256
  
  e41862e6cf7c3206fe699b624046c6d3f7ecd59fce0ddca1aadcc87b30545949
- SHA512
  
  542784a3fc79a5444d849b5c906765f79dd670b517db86970e9dcaca2f91893cc07f2ee85d1d702419cfa370b0e7edd9432151c30d36da028a58e01445c04192
- SSDEEP
  
  1536:LKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgzbCXuZH4gb4CEn9J4ZIgT:LKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg5
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2