c1b9bac37d22dc66d2fd0ad11c006c2e1658dfdb777d4ce81df9e7bbc8279f45 | Triage

Sharing

General

Target

c1b9bac37d22dc66d2fd0ad11c006c2e1658dfdb777d4ce81df9e7bbc8279f45
Size

56KB
Sample

241120-q16zyaxcla
MD5

02de7c96fd6333f126a0c264aed9c4b2
SHA1

9af894e91a4a46d46576019717ea6c6cbc43f2f5
SHA256

c1b9bac37d22dc66d2fd0ad11c006c2e1658dfdb777d4ce81df9e7bbc8279f45
SHA512

cd50a55d0fef04aba9045f24379dd57a10a8d076dd166827aa693820dc1e87dfd9f46931506a6189554405863b7c73ee01e3375408a1b1b6e73455a640f64a83
SSDEEP

1536:WUsgWy4WV8cPkkhN+8ZvOVWoNwlQolOko3t0F5uVAwk6:Jsnbcpn+8ZGIFK73tMQ5

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://www.equus.com/2i8yt/GhBSz6peG/

Targets

- Target
  
  c1b9bac37d22dc66d2fd0ad11c006c2e1658dfdb777d4ce81df9e7bbc8279f45
- Size
  
  56KB
- MD5
  
  02de7c96fd6333f126a0c264aed9c4b2
- SHA1
  
  9af894e91a4a46d46576019717ea6c6cbc43f2f5
- SHA256
  
  c1b9bac37d22dc66d2fd0ad11c006c2e1658dfdb777d4ce81df9e7bbc8279f45
- SHA512
  
  cd50a55d0fef04aba9045f24379dd57a10a8d076dd166827aa693820dc1e87dfd9f46931506a6189554405863b7c73ee01e3375408a1b1b6e73455a640f64a83
- SSDEEP
  
  1536:WUsgWy4WV8cPkkhN+8ZvOVWoNwlQolOko3t0F5uVAwk6:Jsnbcpn+8ZGIFK73tMQ5
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2