40e816366c01596e703feaa1924fea7150ad4187c9b0536db490cdc451ed5e15 | Triage

Sharing

General

Target

40e816366c01596e703feaa1924fea7150ad4187c9b0536db490cdc451ed5e15
Size

95KB
Sample

241120-l4yqhszmaq
MD5

c66424cc8b4242342f358c3e2992e1b3
SHA1

8b345f5b69245d7144771aa2f97e4e730ac17f39
SHA256

40e816366c01596e703feaa1924fea7150ad4187c9b0536db490cdc451ed5e15
SHA512

aad9d1d05a45800cd062d31eb79519c03627398ceafc11180e31ac72d96f7443b422b00090923fa35877a0d1adc2c5c9212efec674b1b7b6443284e16005cc11
SSDEEP

1536:UkKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgNHuS4hcTO97v7UYdEJm5:bKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg0

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://fikti.bem.gunadarma.ac.id/SDM/YH8OJ1Zz8miBX/

xlm40.dropper

http://ebuysa.co.za/yt-assets/yZ30/

xlm40.dropper

http://3dstudioa.com.br/files/1ubPAB/

xlm40.dropper

http://boardmart.co.za/images/DvMHPbTLn/

Targets

- Target
  
  40e816366c01596e703feaa1924fea7150ad4187c9b0536db490cdc451ed5e15
- Size
  
  95KB
- MD5
  
  c66424cc8b4242342f358c3e2992e1b3
- SHA1
  
  8b345f5b69245d7144771aa2f97e4e730ac17f39
- SHA256
  
  40e816366c01596e703feaa1924fea7150ad4187c9b0536db490cdc451ed5e15
- SHA512
  
  aad9d1d05a45800cd062d31eb79519c03627398ceafc11180e31ac72d96f7443b422b00090923fa35877a0d1adc2c5c9212efec674b1b7b6443284e16005cc11
- SSDEEP
  
  1536:UkKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgNHuS4hcTO97v7UYdEJm5:bKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg0
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2