f149bb0905809a3aef284a23120e832250f9bb1f9e99f64e9eb51b16d86b5dc4 | Triage

Sharing

General

Target

f149bb0905809a3aef284a23120e832250f9bb1f9e99f64e9eb51b16d86b5dc4
Size

96KB
Sample

241120-mv5yxavgmh
MD5

4329988427f516a0b552ffd0fe0f6579
SHA1

d0c298063b6e842eaa5d327a7c5fe97c8d7c96ee
SHA256

f149bb0905809a3aef284a23120e832250f9bb1f9e99f64e9eb51b16d86b5dc4
SHA512

f8d3b16cd2a5f7a3f7f11954f6070653e832e25d1e245ad11b0322dc1cb7ba3acf4fe6fb5b63bbbac389c0390c6d2f3f3ffa89635c7b4423037e10e3a2a9827a
SSDEEP

1536:7kKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg4jHuS4hcTO97v7UYdEJm3t:IKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgV

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://fisika.mipa.uns.ac.id/reseller/img/nRAvAgoY8Y/

xlm40.dropper

http://greycoconut.com/edm/71qUA/

xlm40.dropper

http://zonainformatica.es/tienda/XCHJmidSYTkE/

xlm40.dropper

http://balletmagazine.ro/wp-content/9VrMPV/

Targets

- Target
  
  f149bb0905809a3aef284a23120e832250f9bb1f9e99f64e9eb51b16d86b5dc4
- Size
  
  96KB
- MD5
  
  4329988427f516a0b552ffd0fe0f6579
- SHA1
  
  d0c298063b6e842eaa5d327a7c5fe97c8d7c96ee
- SHA256
  
  f149bb0905809a3aef284a23120e832250f9bb1f9e99f64e9eb51b16d86b5dc4
- SHA512
  
  f8d3b16cd2a5f7a3f7f11954f6070653e832e25d1e245ad11b0322dc1cb7ba3acf4fe6fb5b63bbbac389c0390c6d2f3f3ffa89635c7b4423037e10e3a2a9827a
- SSDEEP
  
  1536:7kKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg4jHuS4hcTO97v7UYdEJm3t:IKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgV
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2