d42de99e74155e587091cea3b85df5a76bbdd553b75df3271818767879d4a5eb | Triage

Sharing

General

Target

d42de99e74155e587091cea3b85df5a76bbdd553b75df3271818767879d4a5eb
Size

56KB
Sample

241120-lkz48svmcs
MD5

b062a84db67dae894acf74569db9047b
SHA1

c91b18e5eecf9c7f2c9b5eae45e19553b623ab4c
SHA256

d42de99e74155e587091cea3b85df5a76bbdd553b75df3271818767879d4a5eb
SHA512

4457a95bf6a4d9dd40902010a9e3d11ae1bcbdec116d29130ed86e0ac7f6a5e3884e6677c82d53380fbffb3ecb2fbf7cdae43c9d8f05a823adbcb4a17933c1c5
SSDEEP

1536:GUsgWy4WV8cPkkhN+8ZvOVWoNwlQolOko3t0F5uVAwk6:5snbcpn+8ZGIFK73tMQ5

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://www.equus.com/2i8yt/GhBSz6peG/

Targets

- Target
  
  d42de99e74155e587091cea3b85df5a76bbdd553b75df3271818767879d4a5eb
- Size
  
  56KB
- MD5
  
  b062a84db67dae894acf74569db9047b
- SHA1
  
  c91b18e5eecf9c7f2c9b5eae45e19553b623ab4c
- SHA256
  
  d42de99e74155e587091cea3b85df5a76bbdd553b75df3271818767879d4a5eb
- SHA512
  
  4457a95bf6a4d9dd40902010a9e3d11ae1bcbdec116d29130ed86e0ac7f6a5e3884e6677c82d53380fbffb3ecb2fbf7cdae43c9d8f05a823adbcb4a17933c1c5
- SSDEEP
  
  1536:GUsgWy4WV8cPkkhN+8ZvOVWoNwlQolOko3t0F5uVAwk6:5snbcpn+8ZGIFK73tMQ5
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2