32080ef5bc75b084bdd966f4bb0a6fe3145622f2ad6ff752790ad47df25abae6 | Triage

Sharing

General

Target

32080ef5bc75b084bdd966f4bb0a6fe3145622f2ad6ff752790ad47df25abae6
Size

95KB
Sample

241120-nesjbazren
MD5

12b12bf089d379449b8d67dc3fc2aa5a
SHA1

fc1e5f13435a13f081b34b5c53d4d0c103afbba3
SHA256

32080ef5bc75b084bdd966f4bb0a6fe3145622f2ad6ff752790ad47df25abae6
SHA512

ea48a4c84f02d6d6f9d4fd95682c4e7bea663e1f1bbf61040444baf8b5d77e0d7b3868be65cb86f510e55e815e23d9d461f14f410aee83b3d61eb9fe6ac6b879
SSDEEP

1536:iFKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgBHuS4hcTO97v7UYdEJmsq:cKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgS

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://atperson.com/campusvirtual/3aAaeSKPaURF/

xlm40.dropper

https://buffetmazzi.com.br/ckfinder/i/

xlm40.dropper

http://atici.net/c/MgEC/

xlm40.dropper

http://www.birebiregitim.net/wp-includes/f/

Targets

- Target
  
  32080ef5bc75b084bdd966f4bb0a6fe3145622f2ad6ff752790ad47df25abae6
- Size
  
  95KB
- MD5
  
  12b12bf089d379449b8d67dc3fc2aa5a
- SHA1
  
  fc1e5f13435a13f081b34b5c53d4d0c103afbba3
- SHA256
  
  32080ef5bc75b084bdd966f4bb0a6fe3145622f2ad6ff752790ad47df25abae6
- SHA512
  
  ea48a4c84f02d6d6f9d4fd95682c4e7bea663e1f1bbf61040444baf8b5d77e0d7b3868be65cb86f510e55e815e23d9d461f14f410aee83b3d61eb9fe6ac6b879
- SSDEEP
  
  1536:iFKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgBHuS4hcTO97v7UYdEJmsq:cKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgS
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2