80593e089f61d2454450fc489fb8e6c55c476b0dd8d695d8d3c47fe5aced01e0 | Triage

Sharing

General

Target

80593e089f61d2454450fc489fb8e6c55c476b0dd8d695d8d3c47fe5aced01e0
Size

96KB
Sample

241120-qtbkfsxhnn
MD5

80fce87bbc03766781f1b77f25a48925
SHA1

391c69b07b971fae5cdd929d60be9c0c086d08b4
SHA256

80593e089f61d2454450fc489fb8e6c55c476b0dd8d695d8d3c47fe5aced01e0
SHA512

cec68cdaa7ac53c664478a87bdb6190da5883083253351676237b86aba0e272e57259c4e55ce5b1e0c4ec83a5d3d206c3ac29703c401425e3be3b00d7369a4be
SSDEEP

1536:7kKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg2HuS4hcTO97v7UYdEJmA:IKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgs

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://atperson.com/campusvirtual/EOgFGo17w/

xlm40.dropper

https://eliteturismo.com/phpmailer-old/dafdBxQONtk5Uf9dxll/

xlm40.dropper

http://atici.net/c/JDFDBMIz/

xlm40.dropper

http://domesticuif.co.za/libraries/nbnH9dpd/

Targets

- Target
  
  80593e089f61d2454450fc489fb8e6c55c476b0dd8d695d8d3c47fe5aced01e0
- Size
  
  96KB
- MD5
  
  80fce87bbc03766781f1b77f25a48925
- SHA1
  
  391c69b07b971fae5cdd929d60be9c0c086d08b4
- SHA256
  
  80593e089f61d2454450fc489fb8e6c55c476b0dd8d695d8d3c47fe5aced01e0
- SHA512
  
  cec68cdaa7ac53c664478a87bdb6190da5883083253351676237b86aba0e272e57259c4e55ce5b1e0c4ec83a5d3d206c3ac29703c401425e3be3b00d7369a4be
- SSDEEP
  
  1536:7kKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg2HuS4hcTO97v7UYdEJmA:IKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgs
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2