86882c04927c6f3efd5e673ed7a6b8b2893a95db02f9d32ffb0b85bd46debd41 | Triage

Sharing

General

Target

86882c04927c6f3efd5e673ed7a6b8b2893a95db02f9d32ffb0b85bd46debd41
Size

60KB
Sample

241120-qmnansxgpq
MD5

eb2c2040f8d0badd30bb2af1b9e97d82
SHA1

79ab2123adbf152ab24357c0e65d4c365e5791d1
SHA256

86882c04927c6f3efd5e673ed7a6b8b2893a95db02f9d32ffb0b85bd46debd41
SHA512

b85b5848a1e46eedbd8db8f7a258030ffcecedac0489b54bacb010e31283217b3f6c01ef15ec931b7b434bfc0c93672e3745b140674a968ded2c067b30146c8f
SSDEEP

1536:NpKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgUDOJiA6Cv/UGLI36yOAR5t:rKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgI

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://www.valyval.com/pun/VAYL/

xlm40.dropper

http://cabans.com/CeudWYRQEzZgrHPcI/

xlm40.dropper

http://calzadoyuyin.com/cgj-bin/jZPff/

xlm40.dropper

http://cagranus.com/slide/mcqAFuMhaekn/

Targets

- Target
  
  86882c04927c6f3efd5e673ed7a6b8b2893a95db02f9d32ffb0b85bd46debd41
- Size
  
  60KB
- MD5
  
  eb2c2040f8d0badd30bb2af1b9e97d82
- SHA1
  
  79ab2123adbf152ab24357c0e65d4c365e5791d1
- SHA256
  
  86882c04927c6f3efd5e673ed7a6b8b2893a95db02f9d32ffb0b85bd46debd41
- SHA512
  
  b85b5848a1e46eedbd8db8f7a258030ffcecedac0489b54bacb010e31283217b3f6c01ef15ec931b7b434bfc0c93672e3745b140674a968ded2c067b30146c8f
- SSDEEP
  
  1536:NpKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgUDOJiA6Cv/UGLI36yOAR5t:rKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgI
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2