a30b2a92f7fcffd8b942e17a62cc8b72e1a197ca66ddd618ef884d618252cd65 | Triage

Sharing

General

Target

a30b2a92f7fcffd8b942e17a62cc8b72e1a197ca66ddd618ef884d618252cd65
Size

67KB
Sample

241120-f2njwasfjp
MD5

b27c199cf5876f5186693ec3c44c8133
SHA1

8cb3719ea2b1000bb0b2b01856db9c6c851468b5
SHA256

a30b2a92f7fcffd8b942e17a62cc8b72e1a197ca66ddd618ef884d618252cd65
SHA512

e4a1e1a6b5aabc90cdc05cc9b6917f46c08ac63a40d92e1cab4bd9c3058a57e65c8e6f2165f1b97491076c2788aa0cc9ab2f37aa1bfdf6e82826e5809a13bf46
SSDEEP

1536:5VKpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+y9s1a6YG2jzQ0viPvDNHh9eW:fKpb8rGYrMPe3q7Q0XV5xtezE8vG8UM0

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://learnviaonline.com/wp-admin/qGb/

xlm40.dropper

http://kolejleri.com/wp-admin/REvup/

xlm40.dropper

http://stainedglassexpress.com/classes/05SkiiW9y4DDGvb6/

xlm40.dropper

http://milanstaffing.com/images/D4TRnDubF/

Targets

- Target
  
  a30b2a92f7fcffd8b942e17a62cc8b72e1a197ca66ddd618ef884d618252cd65
- Size
  
  67KB
- MD5
  
  b27c199cf5876f5186693ec3c44c8133
- SHA1
  
  8cb3719ea2b1000bb0b2b01856db9c6c851468b5
- SHA256
  
  a30b2a92f7fcffd8b942e17a62cc8b72e1a197ca66ddd618ef884d618252cd65
- SHA512
  
  e4a1e1a6b5aabc90cdc05cc9b6917f46c08ac63a40d92e1cab4bd9c3058a57e65c8e6f2165f1b97491076c2788aa0cc9ab2f37aa1bfdf6e82826e5809a13bf46
- SSDEEP
  
  1536:5VKpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+y9s1a6YG2jzQ0viPvDNHh9eW:fKpb8rGYrMPe3q7Q0XV5xtezE8vG8UM0
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2