a9f07f90893e6c943abbbd97fecbb0ca8c601c94657b96aac83f7934e77e5e6c | Triage

Sharing

General

Target

a9f07f90893e6c943abbbd97fecbb0ca8c601c94657b96aac83f7934e77e5e6c
Size

70KB
Sample

241120-psg56sxjax
MD5

8166bf041a79485813f401da9810aabc
SHA1

d3991c38e6eda81c4d011b6d0d48f5dcfabd2a8e
SHA256

a9f07f90893e6c943abbbd97fecbb0ca8c601c94657b96aac83f7934e77e5e6c
SHA512

9192c0c4b3c85631a76ea42ca139454c06d354a13689a6dd93e90e4ea0405c187c9fb3ba5a91c880b156b3d3f6fdeaa64d8547f3e10c87f30a3a15facb59027e
SSDEEP

1536:OhKpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+e+hDcnTLiQrRTZws8Eg0:uKpb8rGYrMPe3q7Q0XV5xtezE8vG8UMh

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://strachanclark.com/images/3gc4qCpSFYbBMDEC/

xlm40.dropper

https://synapse-archive.com/images/bKaMr/

xlm40.dropper

https://sumuvesa.com/wp-includes/rgL/

Targets

- Target
  
  a9f07f90893e6c943abbbd97fecbb0ca8c601c94657b96aac83f7934e77e5e6c
- Size
  
  70KB
- MD5
  
  8166bf041a79485813f401da9810aabc
- SHA1
  
  d3991c38e6eda81c4d011b6d0d48f5dcfabd2a8e
- SHA256
  
  a9f07f90893e6c943abbbd97fecbb0ca8c601c94657b96aac83f7934e77e5e6c
- SHA512
  
  9192c0c4b3c85631a76ea42ca139454c06d354a13689a6dd93e90e4ea0405c187c9fb3ba5a91c880b156b3d3f6fdeaa64d8547f3e10c87f30a3a15facb59027e
- SSDEEP
  
  1536:OhKpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+e+hDcnTLiQrRTZws8Eg0:uKpb8rGYrMPe3q7Q0XV5xtezE8vG8UMh
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2