153a8fd82dbf19515c78e49ba48e78b183d3579bff5ca5e5d269ce30f54f6c1e | Triage

Sharing

General

Target

153a8fd82dbf19515c78e49ba48e78b183d3579bff5ca5e5d269ce30f54f6c1e
Size

47KB
Sample

241120-f6qj2asfrp
MD5

c19bfca59107a41d0d8918f42ce122d9
SHA1

3a5373573c11fb401f3b991e589a6b59c543ca5a
SHA256

153a8fd82dbf19515c78e49ba48e78b183d3579bff5ca5e5d269ce30f54f6c1e
SHA512

ef5f996e01b49e852987d9b8e945a7289836aff35953828166bfff65a8625ff12a7b6cd300d98227eed289f18468863af76faaa23c1468d1b847bd3bad3074e4
SSDEEP

768:4DM52tfQXi8vgLZkTOHkQT51Vp6AwPdM8gQ6JT5X6DGwUdh+pqjeSLjcvLtzrxFm:462tfQXi8vgLZkTOHkQT51Vp6AwPe8gz

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://www.escueladecinemza.com.ar/_installation/IBlj/

Targets

- Target
  
  153a8fd82dbf19515c78e49ba48e78b183d3579bff5ca5e5d269ce30f54f6c1e
- Size
  
  47KB
- MD5
  
  c19bfca59107a41d0d8918f42ce122d9
- SHA1
  
  3a5373573c11fb401f3b991e589a6b59c543ca5a
- SHA256
  
  153a8fd82dbf19515c78e49ba48e78b183d3579bff5ca5e5d269ce30f54f6c1e
- SHA512
  
  ef5f996e01b49e852987d9b8e945a7289836aff35953828166bfff65a8625ff12a7b6cd300d98227eed289f18468863af76faaa23c1468d1b847bd3bad3074e4
- SSDEEP
  
  768:4DM52tfQXi8vgLZkTOHkQT51Vp6AwPdM8gQ6JT5X6DGwUdh+pqjeSLjcvLtzrxFm:462tfQXi8vgLZkTOHkQT51Vp6AwPe8gz
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2