4ee08d69dcae59d5a9cde45d578824ffcf0c682ecf861c2d8309dfdb97b67804 | Triage

Sharing

General

Target

4ee08d69dcae59d5a9cde45d578824ffcf0c682ecf861c2d8309dfdb97b67804
Size

71KB
Sample

241120-q3nw5sskfj
MD5

d92fb98fc381d911198cba2d5048ed78
SHA1

c472384e12698de568c0ae2b93158a27ed971b76
SHA256

4ee08d69dcae59d5a9cde45d578824ffcf0c682ecf861c2d8309dfdb97b67804
SHA512

bc264396486a617f3b5f1180fa9add370cd3df6bcf6061bf19ff369c7589e102bcde3b95480118e264a3c4749b77673bd918c8bba1d174f365488dd60cecd5fb
SSDEEP

1536:jhKpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+gT+hDcnTLiQrRTZws8EQ:lKpb8rGYrMPe3q7Q0XV5xtezE8vG8UMK

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://sweetzone.co/js/XVK/

xlm40.dropper

https://tassa.mx/edos/1hHlIQO/

xlm40.dropper

http://assaref.ma/old_assaref/A2B3P/

Targets

- Target
  
  4ee08d69dcae59d5a9cde45d578824ffcf0c682ecf861c2d8309dfdb97b67804
- Size
  
  71KB
- MD5
  
  d92fb98fc381d911198cba2d5048ed78
- SHA1
  
  c472384e12698de568c0ae2b93158a27ed971b76
- SHA256
  
  4ee08d69dcae59d5a9cde45d578824ffcf0c682ecf861c2d8309dfdb97b67804
- SHA512
  
  bc264396486a617f3b5f1180fa9add370cd3df6bcf6061bf19ff369c7589e102bcde3b95480118e264a3c4749b77673bd918c8bba1d174f365488dd60cecd5fb
- SSDEEP
  
  1536:jhKpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+gT+hDcnTLiQrRTZws8EQ:lKpb8rGYrMPe3q7Q0XV5xtezE8vG8UMK
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2