2f0d20d2696703b4a52c2848fd943a1f9143f4cf21821627b7174e59cd3f1b41 | Triage

Sharing

General

Target

2f0d20d2696703b4a52c2848fd943a1f9143f4cf21821627b7174e59cd3f1b41
Size

95KB
Sample

241120-pewreaxbrq
MD5

5f34fb39262eca2e0b6540aaeb7e51c6
SHA1

ad1aa795f473a3ba8e04adc29dc62099d4d4872c
SHA256

2f0d20d2696703b4a52c2848fd943a1f9143f4cf21821627b7174e59cd3f1b41
SHA512

3ee85b5220edd7546391ebfda1c55b0894f8d70fa434bffbdc45ca8a1b0f02a697debbe77f743559c26fd0ed555390469e17b03a1bef887da0c4f44c4fa37ad4
SSDEEP

1536:UkKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg4HuS4hcTO97v7UYdEJmg:bKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgu

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://cointrade.world/receipts/0LjXVwpQrhw/

xlm40.dropper

http://www.garantihaliyikama.com/wp-admin/jp64lssPHEe2ii/

xlm40.dropper

http://haircutbar.com/cgi-bin/BC3WAQ8zJY4ALXA4/

xlm40.dropper

http://airhobi.com/system/WLvH1ygkOYQO/

Targets

- Target
  
  2f0d20d2696703b4a52c2848fd943a1f9143f4cf21821627b7174e59cd3f1b41
- Size
  
  95KB
- MD5
  
  5f34fb39262eca2e0b6540aaeb7e51c6
- SHA1
  
  ad1aa795f473a3ba8e04adc29dc62099d4d4872c
- SHA256
  
  2f0d20d2696703b4a52c2848fd943a1f9143f4cf21821627b7174e59cd3f1b41
- SHA512
  
  3ee85b5220edd7546391ebfda1c55b0894f8d70fa434bffbdc45ca8a1b0f02a697debbe77f743559c26fd0ed555390469e17b03a1bef887da0c4f44c4fa37ad4
- SSDEEP
  
  1536:UkKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg4HuS4hcTO97v7UYdEJmg:bKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgu
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2