General

  • Target

    922d9b9625b73e108c9faca69fe0d2fb518a42abf09bf5f1ef78e475bbc5cf71

  • Size

    94KB

  • Sample

    241120-nhzf2a1jaj

  • MD5

    6bd7cb35ad2cca70050ed677b627304c

  • SHA1

    afbb1c91fc2d4f553e2f3d0b9c80b3436f795701

  • SHA256

    922d9b9625b73e108c9faca69fe0d2fb518a42abf09bf5f1ef78e475bbc5cf71

  • SHA512

    5b9d7e3837f5ae7b4cc8cf6edc6199707e803997d2d7a2008a73e19bd741195f6a170ec7f397e2480f0f16f70f98c3e995a75d66c71bf72206e43ace446231ff

  • SSDEEP

    1536:JsKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgSUZx6FyxC3YGbl7BgWDFsqtNhWmDJdWh:6Kpb8rGYrMPe3q7Q0XV5xtezEsi8/dgZ

Score
10/10

Malware Config

Extracted

Language: xlm4.0

Source          URLs
xlm40.dropper   https://bosny.com/aspnet_client/NGTx1FUzq/
xlm40.dropper   https://www.berekethaber.com/hatax/c7crGdejW4380ORuxqR/
xlm40.dropper   https://bulldogironworksllc.com/temp/BBh5HHpei/

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v15

Tasks