2df187001e2d2ffd0087d66370c1507d2a4beac5fb547706e632ae9146ba309c | Triage

Sharing

General

Target

2df187001e2d2ffd0087d66370c1507d2a4beac5fb547706e632ae9146ba309c
Size

110KB
Sample

241120-dwdflszanc
MD5

03b09f85a06eac66309a5cdbfada2d03
SHA1

fcec83812a1a76e9d4c7e4d1a767e470e3a7ac0a
SHA256

2df187001e2d2ffd0087d66370c1507d2a4beac5fb547706e632ae9146ba309c
SHA512

8df23ead08ca001a56818510fe304a91341736ba6dda98059f946670923ba9c4fe772f49022c9f536b0e3f510ae8b5afa4c995f51319043406639f14b674f561
SSDEEP

3072:VfKpbdrHYrMue8q7QPX+5xtekEdi8/dgVyVIBk6h2bsllScQjnxM:pKpbdrHYrMue8q7QPX+5xtFEdi8/dgVf

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://duvarkagitlarimodelleri.com/42hhp/gZXakh7/

xlm40.dropper

https://dolphinwavehavuzrobotu.com/wp-includes/RmCbvIKjjtlB3tabyPo/

xlm40.dropper

http://animalsandusfujairah.com/wp-admin/JWO58zeUOwSI/

Targets

- Target
  
  2df187001e2d2ffd0087d66370c1507d2a4beac5fb547706e632ae9146ba309c
- Size
  
  110KB
- MD5
  
  03b09f85a06eac66309a5cdbfada2d03
- SHA1
  
  fcec83812a1a76e9d4c7e4d1a767e470e3a7ac0a
- SHA256
  
  2df187001e2d2ffd0087d66370c1507d2a4beac5fb547706e632ae9146ba309c
- SHA512
  
  8df23ead08ca001a56818510fe304a91341736ba6dda98059f946670923ba9c4fe772f49022c9f536b0e3f510ae8b5afa4c995f51319043406639f14b674f561
- SSDEEP
  
  3072:VfKpbdrHYrMue8q7QPX+5xtekEdi8/dgVyVIBk6h2bsllScQjnxM:pKpbdrHYrMue8q7QPX+5xtFEdi8/dgVf
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2