13b563633a962e3b3bca3e78cad6d17fdbfda0fb5c7f2967261c3aeee79c36be | Triage

Sharing

General

Target

13b563633a962e3b3bca3e78cad6d17fdbfda0fb5c7f2967261c3aeee79c36be
Size

70KB
Sample

241120-q61ecaxcrb
MD5

89aa4e927e1273ca9b1e9bce640a0a9f
SHA1

3a7988e5821533014dafb61ff6f80ecff5d53f58
SHA256

13b563633a962e3b3bca3e78cad6d17fdbfda0fb5c7f2967261c3aeee79c36be
SHA512

fb77c6e8290e9734d62ea7a14de0ae111c19343d3709d1b895ed00be0d6526ca0984258322fd667df5f7c1a4c73804f29d54e8de529d47f96df3f14e7f9f9a99
SSDEEP

1536:OhKpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+e+hDcnTLiQrRTZws8Egk:uKpb8rGYrMPe3q7Q0XV5xtezE8vG8UMx

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://strachanclark.com/images/3gc4qCpSFYbBMDEC/

xlm40.dropper

https://synapse-archive.com/images/bKaMr/

xlm40.dropper

https://sumuvesa.com/wp-includes/rgL/

Targets

- Target
  
  13b563633a962e3b3bca3e78cad6d17fdbfda0fb5c7f2967261c3aeee79c36be
- Size
  
  70KB
- MD5
  
  89aa4e927e1273ca9b1e9bce640a0a9f
- SHA1
  
  3a7988e5821533014dafb61ff6f80ecff5d53f58
- SHA256
  
  13b563633a962e3b3bca3e78cad6d17fdbfda0fb5c7f2967261c3aeee79c36be
- SHA512
  
  fb77c6e8290e9734d62ea7a14de0ae111c19343d3709d1b895ed00be0d6526ca0984258322fd667df5f7c1a4c73804f29d54e8de529d47f96df3f14e7f9f9a99
- SSDEEP
  
  1536:OhKpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+e+hDcnTLiQrRTZws8Egk:uKpb8rGYrMPe3q7Q0XV5xtezE8vG8UMx
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2