General

  • Target

    664f0db47f4835308b2b7ad59130953cd2b2c7da1aecbedf4bad18b1f480323b

  • Size

    80KB

  • Sample

    241120-p7mn7sxfjk

  • MD5

    804a53940dbf5a13917c0752f466f435

  • SHA1

    413f73d1dddf8d051b2bce50c57092f9c123476e

  • SHA256

    664f0db47f4835308b2b7ad59130953cd2b2c7da1aecbedf4bad18b1f480323b

  • SHA512

    400c2397918e1e4e9e5edf493852b448553202f27a24da0188fb736d2062bac299bed00bccc7b1b70ef101f96bd35539bc3ce36b0b9e7d1a4a76c2b2f882774c

  • SSDEEP

    1536:ROOKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgG7HuS4VcTO9/r7UYdEJe5:RBKpb8rGYrMPe3q7Q0XV5xtezEsi8/dk

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://centaurussits.com/assets/FL/

xlm40.dropper

http://cansal.cl/cgi-bin/besSIJTfOk0DtHZR/

xlm40.dropper

http://chalkie.me.uk/cgi-bin/gMLuebzG2RskkJXwY/

xlm40.dropper

http://www.cecambrils.cat/wp-content/0KwOSfNDESlzVMoc/

Targets

    • Target

      664f0db47f4835308b2b7ad59130953cd2b2c7da1aecbedf4bad18b1f480323b

    • Size

      80KB

    • MD5

      804a53940dbf5a13917c0752f466f435

    • SHA1

      413f73d1dddf8d051b2bce50c57092f9c123476e

    • SHA256

      664f0db47f4835308b2b7ad59130953cd2b2c7da1aecbedf4bad18b1f480323b

    • SHA512

      400c2397918e1e4e9e5edf493852b448553202f27a24da0188fb736d2062bac299bed00bccc7b1b70ef101f96bd35539bc3ce36b0b9e7d1a4a76c2b2f882774c

    • SSDEEP

      1536:ROOKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgG7HuS4VcTO9/r7UYdEJe5:RBKpb8rGYrMPe3q7Q0XV5xtezEsi8/dk

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v15

Tasks