3153184791a1365d5452d7744696dc646064af7c2d55a7f5cfc95e518dc0034e | Triage

Sharing

General

Target

3153184791a1365d5452d7744696dc646064af7c2d55a7f5cfc95e518dc0034e
Size

91KB
Sample

241120-gh63jsshrp
MD5

477562b1e6241c189399e0a7e38dd775
SHA1

66c341930e5f252ae5c5d52a8761af3abeda633d
SHA256

3153184791a1365d5452d7744696dc646064af7c2d55a7f5cfc95e518dc0034e
SHA512

563b470c4b7d3719fecf92ce77fcfeb9fd9c09c6de38d796db1f8af5620d9355ed40996d1521d9ad8e0e629a29ebe25892d5c95c9c42e355d7b4ace93187690f
SSDEEP

1536:vKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgHbCXuZH4gb4CEn9J4ZnX5:vKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg9

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://datie-tw.com/img/O8G0RDZj7MYCuJyPoP/

xlm40.dropper

http://sbm.xinmoshiwang.com/upload/VaOfWEb3pW76UO/

xlm40.dropper

https://copunupo.ac.zm/cgi-bin/WFFcGx/

xlm40.dropper

http://ly.yjlianyi.top/wp-admin/4cChao/

Targets

- Target
  
  3153184791a1365d5452d7744696dc646064af7c2d55a7f5cfc95e518dc0034e
- Size
  
  91KB
- MD5
  
  477562b1e6241c189399e0a7e38dd775
- SHA1
  
  66c341930e5f252ae5c5d52a8761af3abeda633d
- SHA256
  
  3153184791a1365d5452d7744696dc646064af7c2d55a7f5cfc95e518dc0034e
- SHA512
  
  563b470c4b7d3719fecf92ce77fcfeb9fd9c09c6de38d796db1f8af5620d9355ed40996d1521d9ad8e0e629a29ebe25892d5c95c9c42e355d7b4ace93187690f
- SSDEEP
  
  1536:vKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgHbCXuZH4gb4CEn9J4ZnX5:vKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg9
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2