1b284a49b79b2f9e59afaf0cd02606964d55e30dee653327ce304b046fb819f8 | Triage

Sharing

General

Target

1b284a49b79b2f9e59afaf0cd02606964d55e30dee653327ce304b046fb819f8
Size

95KB
Sample

241120-mht1wavfjf
MD5

75b44f3a36823d50b6800dc1e1cce443
SHA1

c7c5ca0a5534d7dafeb60f62fa167a9c6b81472c
SHA256

1b284a49b79b2f9e59afaf0cd02606964d55e30dee653327ce304b046fb819f8
SHA512

7b91c166de2c02e8583f566eaccced7d02abb9502ad4008e01b9ec3d6111b49a5c229fe7ea2fb18cf2949ce27f3b88e4d6cfa3429bf0e3d31f8bfe36f89ddc45
SSDEEP

1536:iFKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgBHuS4hcTO97v7UYdEJmMq:cKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgy

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://atperson.com/campusvirtual/3aAaeSKPaURF/

xlm40.dropper

https://buffetmazzi.com.br/ckfinder/i/

xlm40.dropper

http://atici.net/c/MgEC/

xlm40.dropper

http://www.birebiregitim.net/wp-includes/f/

Targets

- Target
  
  1b284a49b79b2f9e59afaf0cd02606964d55e30dee653327ce304b046fb819f8
- Size
  
  95KB
- MD5
  
  75b44f3a36823d50b6800dc1e1cce443
- SHA1
  
  c7c5ca0a5534d7dafeb60f62fa167a9c6b81472c
- SHA256
  
  1b284a49b79b2f9e59afaf0cd02606964d55e30dee653327ce304b046fb819f8
- SHA512
  
  7b91c166de2c02e8583f566eaccced7d02abb9502ad4008e01b9ec3d6111b49a5c229fe7ea2fb18cf2949ce27f3b88e4d6cfa3429bf0e3d31f8bfe36f89ddc45
- SSDEEP
  
  1536:iFKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgBHuS4hcTO97v7UYdEJmMq:cKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgy
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2