0d3d978fa7182903220dab8ae73f7289a658602eb6263cbcb7cbdfbd4595c568 | Triage

Sharing

General

Target

0d3d978fa7182903220dab8ae73f7289a658602eb6263cbcb7cbdfbd4595c568
Size

47KB
Sample

241120-dvanbszale
MD5

5f0ae94b4a29ed1c2b3f2e3e7085ce3d
SHA1

a2e268c84deba2fec710e655d34b8cc9f7c5eb55
SHA256

0d3d978fa7182903220dab8ae73f7289a658602eb6263cbcb7cbdfbd4595c568
SHA512

bb154fbb8ac65a7cf56978d4be796ec663136508497414615637551fdbf3fe0791ba6823398fe2d62ab251348f2998840e50cb59a8922251b39995b7b04796dc
SSDEEP

768:4DM52tfQXi8vgLZkTOHkQT51Vp6AwPdM8gQ6JT5X6DGwUdh+pqjeSLjcvLtzrxFq:462tfQXi8vgLZkTOHkQT51Vp6AwPe8gP

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://www.escueladecinemza.com.ar/_installation/IBlj/

Targets

- Target
  
  0d3d978fa7182903220dab8ae73f7289a658602eb6263cbcb7cbdfbd4595c568
- Size
  
  47KB
- MD5
  
  5f0ae94b4a29ed1c2b3f2e3e7085ce3d
- SHA1
  
  a2e268c84deba2fec710e655d34b8cc9f7c5eb55
- SHA256
  
  0d3d978fa7182903220dab8ae73f7289a658602eb6263cbcb7cbdfbd4595c568
- SHA512
  
  bb154fbb8ac65a7cf56978d4be796ec663136508497414615637551fdbf3fe0791ba6823398fe2d62ab251348f2998840e50cb59a8922251b39995b7b04796dc
- SSDEEP
  
  768:4DM52tfQXi8vgLZkTOHkQT51Vp6AwPdM8gQ6JT5X6DGwUdh+pqjeSLjcvLtzrxFq:462tfQXi8vgLZkTOHkQT51Vp6AwPe8gP
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2