527a8513a8d434b14faa33dc840e98fd36f4eb050df1c39db25741f0dbaac1d3 | Triage

Sharing

General

Target

527a8513a8d434b14faa33dc840e98fd36f4eb050df1c39db25741f0dbaac1d3
Size

65KB
Sample

241120-nst93awcjf
MD5

4743e3f2e9829f84e6076257dc700f67
SHA1

4fea6dd1352bca5b63a25d24a9cffcfbe58fa4e3
SHA256

527a8513a8d434b14faa33dc840e98fd36f4eb050df1c39db25741f0dbaac1d3
SHA512

cecb67b60ccabf50540e036d7b8e8d63edf25f7006c92e0b72c1cc4e3811a1f6f2d7f9185e3fb7c35c68686a52623c1c285da07bb309b096ebb186f0f48116cb
SSDEEP

1536:LkKpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+0+hDAnTL6QrR3Zws8EkTL:gKpb8rGYrMPe3q7Q0XV5xtezE8vG8UMy

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://newkano.com/wp-admin/66rIsrVwoPKUsjcAs/

xlm40.dropper

http://ocalogullari.com/inc/Wcm82enrs8/

xlm40.dropper

https://myphamcuatui.com/assets/OPVeVSpO/

xlm40.dropper

http://sieuthiphutungxenang.com/old_source/9boJQZpTSdQE/

Targets

- Target
  
  527a8513a8d434b14faa33dc840e98fd36f4eb050df1c39db25741f0dbaac1d3
- Size
  
  65KB
- MD5
  
  4743e3f2e9829f84e6076257dc700f67
- SHA1
  
  4fea6dd1352bca5b63a25d24a9cffcfbe58fa4e3
- SHA256
  
  527a8513a8d434b14faa33dc840e98fd36f4eb050df1c39db25741f0dbaac1d3
- SHA512
  
  cecb67b60ccabf50540e036d7b8e8d63edf25f7006c92e0b72c1cc4e3811a1f6f2d7f9185e3fb7c35c68686a52623c1c285da07bb309b096ebb186f0f48116cb
- SSDEEP
  
  1536:LkKpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+0+hDAnTL6QrR3Zws8EkTL:gKpb8rGYrMPe3q7Q0XV5xtezE8vG8UMy
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2