dc5cddfa5695f853d6570cc2287e245b14f89c030d776b1026e630ea3582ca69 | Triage

Sharing

General

Target

dc5cddfa5695f853d6570cc2287e245b14f89c030d776b1026e630ea3582ca69
Size

95KB
Sample

241120-pjtgvawflc
MD5

70c16378bc88f3089a4b480b939d5319
SHA1

ce5c022595f20422ba42dd787e847894e1bc849c
SHA256

dc5cddfa5695f853d6570cc2287e245b14f89c030d776b1026e630ea3582ca69
SHA512

b44d9a93455450131ea62c50a0b1de59bff9365412b3e178af91d9ede62e3b0e456ec86197a12b5f46ea30bed59e4fafbe7dfccd7f6d46cf7687a31119720f7c
SSDEEP

1536:UkKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg/HuS4hcTO97v7UYdEJmEj7e:bKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgW

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://yakosurf.com/wp-includes/y9jgKE7f1wMM/

xlm40.dropper

https://fikti.bem.gunadarma.ac.id/SDM/xDYmcOngg/

xlm40.dropper

http://armannahalpersian.ir/armannahalpersian/byxUd7hAO2/

xlm40.dropper

http://disweb.sk/lfHCegwZndgMs/KFfG/

Targets

- Target
  
  dc5cddfa5695f853d6570cc2287e245b14f89c030d776b1026e630ea3582ca69
- Size
  
  95KB
- MD5
  
  70c16378bc88f3089a4b480b939d5319
- SHA1
  
  ce5c022595f20422ba42dd787e847894e1bc849c
- SHA256
  
  dc5cddfa5695f853d6570cc2287e245b14f89c030d776b1026e630ea3582ca69
- SHA512
  
  b44d9a93455450131ea62c50a0b1de59bff9365412b3e178af91d9ede62e3b0e456ec86197a12b5f46ea30bed59e4fafbe7dfccd7f6d46cf7687a31119720f7c
- SSDEEP
  
  1536:UkKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg/HuS4hcTO97v7UYdEJmEj7e:bKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgW
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2