f189a7720bfc21d05d4cffafefe2d0c7a63a4ddadc0efbf89947a3885156926f | Triage

Sharing

General

Target

f189a7720bfc21d05d4cffafefe2d0c7a63a4ddadc0efbf89947a3885156926f
Size

95KB
Sample

241120-jy4y8stdme
MD5

d5a8c791b69acbebb897441fab717cde
SHA1

0823f7b328023f29f7086b541f30d6a13f1a7720
SHA256

f189a7720bfc21d05d4cffafefe2d0c7a63a4ddadc0efbf89947a3885156926f
SHA512

28ffdb34852b0d84bb42d19f461166ea0564ebee41a63e871ad7d81826f1eb30f66514a126f84fffd47830ddc3f28e3f2fce0f755c798dfbb06f9741a1519578
SSDEEP

1536:UkKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg/HuS4hcTO97v7UYdEJmEj7S:bKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgK

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://yakosurf.com/wp-includes/y9jgKE7f1wMM/

xlm40.dropper

https://fikti.bem.gunadarma.ac.id/SDM/xDYmcOngg/

xlm40.dropper

http://armannahalpersian.ir/armannahalpersian/byxUd7hAO2/

xlm40.dropper

http://disweb.sk/lfHCegwZndgMs/KFfG/

Targets

- Target
  
  f189a7720bfc21d05d4cffafefe2d0c7a63a4ddadc0efbf89947a3885156926f
- Size
  
  95KB
- MD5
  
  d5a8c791b69acbebb897441fab717cde
- SHA1
  
  0823f7b328023f29f7086b541f30d6a13f1a7720
- SHA256
  
  f189a7720bfc21d05d4cffafefe2d0c7a63a4ddadc0efbf89947a3885156926f
- SHA512
  
  28ffdb34852b0d84bb42d19f461166ea0564ebee41a63e871ad7d81826f1eb30f66514a126f84fffd47830ddc3f28e3f2fce0f755c798dfbb06f9741a1519578
- SSDEEP
  
  1536:UkKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg/HuS4hcTO97v7UYdEJmEj7S:bKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgK
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2