f507018105d259704401bc51ba8b6a6e486cdf44e21b7398d7eb3ff7b2f2337d | Triage

Sharing

General

Target

f507018105d259704401bc51ba8b6a6e486cdf44e21b7398d7eb3ff7b2f2337d
Size

96KB
Sample

241120-jj2kkaykgk
MD5

eea1851e19cf35502adc0afb9820bc8f
SHA1

141aac664f903f13c644ccf2571bb1ea09c97f27
SHA256

f507018105d259704401bc51ba8b6a6e486cdf44e21b7398d7eb3ff7b2f2337d
SHA512

fb25185b0ec1c5fd0352b6c0ff8d60c8d37e4e145fd98f859835a874b5b86e58e0eca04d041fb235230617f537741b14eb0069f759307d421589ac071bbdb521
SSDEEP

1536:WkKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgEHuS4hcTO97v7UYdEJmW7:JKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgQ

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://bpsjambi.id/about/CcN5IbuInPQ/

xlm40.dropper

https://greenlizard.co.za/amanah/pu8xeUOpqqq/

xlm40.dropper

https://akuntansi.itny.ac.id/asset/NH7qwRrn81Taa0VVqpx/

xlm40.dropper

https://www.yell.ge/nav_logo/x960wo3PHaIUm/

Targets

- Target
  
  f507018105d259704401bc51ba8b6a6e486cdf44e21b7398d7eb3ff7b2f2337d
- Size
  
  96KB
- MD5
  
  eea1851e19cf35502adc0afb9820bc8f
- SHA1
  
  141aac664f903f13c644ccf2571bb1ea09c97f27
- SHA256
  
  f507018105d259704401bc51ba8b6a6e486cdf44e21b7398d7eb3ff7b2f2337d
- SHA512
  
  fb25185b0ec1c5fd0352b6c0ff8d60c8d37e4e145fd98f859835a874b5b86e58e0eca04d041fb235230617f537741b14eb0069f759307d421589ac071bbdb521
- SSDEEP
  
  1536:WkKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgEHuS4hcTO97v7UYdEJmW7:JKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgQ
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2