3a8aa30d14f6aa4b7830f6b8272f0d28d8c90be2ed57b0185cb9abb4ad276ade | Triage

Sharing

General

Target

3a8aa30d14f6aa4b7830f6b8272f0d28d8c90be2ed57b0185cb9abb4ad276ade
Size

91KB
Sample

241120-lnwafsvbra
MD5

c5649a1c0d131de23cfc2fc50d7117b1
SHA1

ed22096d302f8401ec159dcfbcf8d0372c2ff523
SHA256

3a8aa30d14f6aa4b7830f6b8272f0d28d8c90be2ed57b0185cb9abb4ad276ade
SHA512

a44521ac85a0425d56056da806dd0f55709e6f14bf52acb6fb2961bf8c23ea3e54db7d591617dcc47c1e37764746ad5190bf498cc11162774cf97ed7c90e0336
SSDEEP

1536:LKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg2bCXuZH4gb4CEn9J4Zqcvp:LKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgi

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://bundlefilm.com/headers/lkfBH3Czw9CjEW07P2/

xlm40.dropper

http://camsanparke.net/wp-content/h2Ja5bwB03hnyfCb/

xlm40.dropper

http://royreid.co.uk/wp-content/dCwG/

xlm40.dropper

https://cs.com.sg/admin/a1lR5wu/

Targets

- Target
  
  3a8aa30d14f6aa4b7830f6b8272f0d28d8c90be2ed57b0185cb9abb4ad276ade
- Size
  
  91KB
- MD5
  
  c5649a1c0d131de23cfc2fc50d7117b1
- SHA1
  
  ed22096d302f8401ec159dcfbcf8d0372c2ff523
- SHA256
  
  3a8aa30d14f6aa4b7830f6b8272f0d28d8c90be2ed57b0185cb9abb4ad276ade
- SHA512
  
  a44521ac85a0425d56056da806dd0f55709e6f14bf52acb6fb2961bf8c23ea3e54db7d591617dcc47c1e37764746ad5190bf498cc11162774cf97ed7c90e0336
- SSDEEP
  
  1536:LKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg2bCXuZH4gb4CEn9J4Zqcvp:LKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgi
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2