be0ee2c07ce80d5eaf570ff2bad8fa3d589640bd6114073bb5e607a962b644ef | Triage

Sharing

General

Target

be0ee2c07ce80d5eaf570ff2bad8fa3d589640bd6114073bb5e607a962b644ef
Size

95KB
Sample

241120-jzqg8stdne
MD5

d03f165940ade25e483448191be48f22
SHA1

cb8fbe95850c8cb22fe203200ca5391ed9ed2ccc
SHA256

be0ee2c07ce80d5eaf570ff2bad8fa3d589640bd6114073bb5e607a962b644ef
SHA512

26a183eff38bb14e16253cd90d4b4e1c95d1cb90774217f8e893a3244542a7db94181d97f5d0d961dcd2bc6cc71dc8146e29bfb452f83f92386dcc5b4eb8e18a
SSDEEP

1536:UkKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg/HuS4hcTO97v7UYdEJmEj7u:bKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgm

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://yakosurf.com/wp-includes/y9jgKE7f1wMM/

xlm40.dropper

https://fikti.bem.gunadarma.ac.id/SDM/xDYmcOngg/

xlm40.dropper

http://armannahalpersian.ir/armannahalpersian/byxUd7hAO2/

xlm40.dropper

http://disweb.sk/lfHCegwZndgMs/KFfG/

Targets

- Target
  
  be0ee2c07ce80d5eaf570ff2bad8fa3d589640bd6114073bb5e607a962b644ef
- Size
  
  95KB
- MD5
  
  d03f165940ade25e483448191be48f22
- SHA1
  
  cb8fbe95850c8cb22fe203200ca5391ed9ed2ccc
- SHA256
  
  be0ee2c07ce80d5eaf570ff2bad8fa3d589640bd6114073bb5e607a962b644ef
- SHA512
  
  26a183eff38bb14e16253cd90d4b4e1c95d1cb90774217f8e893a3244542a7db94181d97f5d0d961dcd2bc6cc71dc8146e29bfb452f83f92386dcc5b4eb8e18a
- SSDEEP
  
  1536:UkKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg/HuS4hcTO97v7UYdEJmEj7u:bKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgm
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2