444df65f2022d84e09bfc5eaa6a2325c9f9d27ae7b55871dc3b69e9b12a38263 | Triage

Sharing

General

Target

444df65f2022d84e09bfc5eaa6a2325c9f9d27ae7b55871dc3b69e9b12a38263
Size

53KB
Sample

241120-rxjwnsyjfs
MD5

2fa46bfb49af6e66c23e692d26345bee
SHA1

460c3de305d497281ed56ef52fbe12cd37b5512a
SHA256

444df65f2022d84e09bfc5eaa6a2325c9f9d27ae7b55871dc3b69e9b12a38263
SHA512

4dcef4c28c7205f23842f64026174991c016ee26e8505db88439761c7e40c4b9f8c03355362f5a941536e72a2f0a0d24b63a0a2a8acb20c1f05a53796428acc9
SSDEEP

1536:LPKpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+bSgNeEYL8ECyv:rKpb8rGYrMPe3q7Q0XV5xtezE8vG8UMl

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://newkano.com/wp-admin/66rIsrVwoPKUsjcAs/

xlm40.dropper

http://ocalogullari.com/inc/Wcm82enrs8/

xlm40.dropper

https://myphamcuatui.com/assets/OPVeVSpO/

xlm40.dropper

http://sieuthiphutungxenang.com/old_source/9boJQZpTSdQE/

Targets

- Target
  
  444df65f2022d84e09bfc5eaa6a2325c9f9d27ae7b55871dc3b69e9b12a38263
- Size
  
  53KB
- MD5
  
  2fa46bfb49af6e66c23e692d26345bee
- SHA1
  
  460c3de305d497281ed56ef52fbe12cd37b5512a
- SHA256
  
  444df65f2022d84e09bfc5eaa6a2325c9f9d27ae7b55871dc3b69e9b12a38263
- SHA512
  
  4dcef4c28c7205f23842f64026174991c016ee26e8505db88439761c7e40c4b9f8c03355362f5a941536e72a2f0a0d24b63a0a2a8acb20c1f05a53796428acc9
- SSDEEP
  
  1536:LPKpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+bSgNeEYL8ECyv:rKpb8rGYrMPe3q7Q0XV5xtezE8vG8UMl
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2