fd1b54bbb4f13d431804241df3a6530ce034998776ed94e2a6e35ddb5183c7f6 | Triage

Sharing

General

Target

fd1b54bbb4f13d431804241df3a6530ce034998776ed94e2a6e35ddb5183c7f6
Size

67KB
Sample

241120-f1gpya1rav
MD5

42c7f22cb69f30a590c3def5bd4fd5b7
SHA1

e75f18ef1d47c6d8051576a10d533487b72a75c0
SHA256

fd1b54bbb4f13d431804241df3a6530ce034998776ed94e2a6e35ddb5183c7f6
SHA512

b0ec483f2f9c51cfa1ba4c536b8cc4536a6fe66408898a5777288009f10f341388564510369ccc4c36f3524169b17a5ac9d754583696c9ee07503333c7dfd2f1
SSDEEP

1536:5VKpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+y9s1a6YG2jzQ0viPvDNHh9ey:fKpb8rGYrMPe3q7Q0XV5xtezE8vG8UMw

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://learnviaonline.com/wp-admin/qGb/

xlm40.dropper

http://kolejleri.com/wp-admin/REvup/

xlm40.dropper

http://stainedglassexpress.com/classes/05SkiiW9y4DDGvb6/

xlm40.dropper

http://milanstaffing.com/images/D4TRnDubF/

Targets

- Target
  
  fd1b54bbb4f13d431804241df3a6530ce034998776ed94e2a6e35ddb5183c7f6
- Size
  
  67KB
- MD5
  
  42c7f22cb69f30a590c3def5bd4fd5b7
- SHA1
  
  e75f18ef1d47c6d8051576a10d533487b72a75c0
- SHA256
  
  fd1b54bbb4f13d431804241df3a6530ce034998776ed94e2a6e35ddb5183c7f6
- SHA512
  
  b0ec483f2f9c51cfa1ba4c536b8cc4536a6fe66408898a5777288009f10f341388564510369ccc4c36f3524169b17a5ac9d754583696c9ee07503333c7dfd2f1
- SSDEEP
  
  1536:5VKpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+y9s1a6YG2jzQ0viPvDNHh9ey:fKpb8rGYrMPe3q7Q0XV5xtezE8vG8UMw
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2