cabc112c161c6b97145e3cbe6049a00e0eae033e34b2f5bef8cd1c916c127763 | Triage

Sharing

General

Target

cabc112c161c6b97145e3cbe6049a00e0eae033e34b2f5bef8cd1c916c127763
Size

95KB
Sample

241120-qkaa2axaqg
MD5

a54ebed1feb8713198901fdba3ede61c
SHA1

42ba9087b5dc341ce99c8ab0aab430155dce4da7
SHA256

cabc112c161c6b97145e3cbe6049a00e0eae033e34b2f5bef8cd1c916c127763
SHA512

2709e7474b56d0479db0947d3bf409f7d54e09229da751fa4c212fb4a10e21f922747654df7796d00547cbc4ed6162b82ebe08413ad648ba502e57b5590cd14a
SSDEEP

1536:UkKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg4HuS4hcTO97v7UYdEJmg:bKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgu

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://cointrade.world/receipts/0LjXVwpQrhw/

xlm40.dropper

http://www.garantihaliyikama.com/wp-admin/jp64lssPHEe2ii/

xlm40.dropper

http://haircutbar.com/cgi-bin/BC3WAQ8zJY4ALXA4/

xlm40.dropper

http://airhobi.com/system/WLvH1ygkOYQO/

Targets

- Target
  
  cabc112c161c6b97145e3cbe6049a00e0eae033e34b2f5bef8cd1c916c127763
- Size
  
  95KB
- MD5
  
  a54ebed1feb8713198901fdba3ede61c
- SHA1
  
  42ba9087b5dc341ce99c8ab0aab430155dce4da7
- SHA256
  
  cabc112c161c6b97145e3cbe6049a00e0eae033e34b2f5bef8cd1c916c127763
- SHA512
  
  2709e7474b56d0479db0947d3bf409f7d54e09229da751fa4c212fb4a10e21f922747654df7796d00547cbc4ed6162b82ebe08413ad648ba502e57b5590cd14a
- SSDEEP
  
  1536:UkKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg4HuS4hcTO97v7UYdEJmg:bKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgu
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2