67fedda89b5b9e16abdd1fb17ae009ea02f3b296db3d063a8eef1b1ee92879ce | Triage

Sharing

General

Target

67fedda89b5b9e16abdd1fb17ae009ea02f3b296db3d063a8eef1b1ee92879ce
Size

96KB
Sample

241120-qwa2psxbpg
MD5

b6a74d5a9568908e9b0a6d6a6466a1d7
SHA1

8b9e805e5e02d4d4cac2191a58b1cca07a764693
SHA256

67fedda89b5b9e16abdd1fb17ae009ea02f3b296db3d063a8eef1b1ee92879ce
SHA512

09b5df0702fc308f488577004a2a2d6c3e4a4538762977b9fc82b9ddc32f2085bb9f0363e245d9ef6c4af2157bd6fedf812fda35c2ec4206865e6074d08e304c
SSDEEP

1536:WkKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgEHuS4hcTO97v7UYdEJmm7:JKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgY

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://bpsjambi.id/about/CcN5IbuInPQ/

xlm40.dropper

https://greenlizard.co.za/amanah/pu8xeUOpqqq/

xlm40.dropper

https://akuntansi.itny.ac.id/asset/NH7qwRrn81Taa0VVqpx/

xlm40.dropper

https://www.yell.ge/nav_logo/x960wo3PHaIUm/

Targets

- Target
  
  67fedda89b5b9e16abdd1fb17ae009ea02f3b296db3d063a8eef1b1ee92879ce
- Size
  
  96KB
- MD5
  
  b6a74d5a9568908e9b0a6d6a6466a1d7
- SHA1
  
  8b9e805e5e02d4d4cac2191a58b1cca07a764693
- SHA256
  
  67fedda89b5b9e16abdd1fb17ae009ea02f3b296db3d063a8eef1b1ee92879ce
- SHA512
  
  09b5df0702fc308f488577004a2a2d6c3e4a4538762977b9fc82b9ddc32f2085bb9f0363e245d9ef6c4af2157bd6fedf812fda35c2ec4206865e6074d08e304c
- SSDEEP
  
  1536:WkKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgEHuS4hcTO97v7UYdEJmm7:JKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgY
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2