39a6eff049181f7eaf4a375fea7ba902700020ab3d7fe85ddf01ed663191af23 | Triage

Sharing

General

Target

39a6eff049181f7eaf4a375fea7ba902700020ab3d7fe85ddf01ed663191af23
Size

67KB
Sample

241120-s1784synfx
MD5

e4d9e8e6a7fca3ed04a87fefb4cb99f4
SHA1

49e11a1ce1a813549f8de72d6d9735418137af2a
SHA256

39a6eff049181f7eaf4a375fea7ba902700020ab3d7fe85ddf01ed663191af23
SHA512

5cbf3fbb2093816be819229def31f28f428a54c9227077aece1acca731865c212eb6dcaeaaafd91fd9c6ce1b8950fc72e7e43630fde0e63e7701f4aacec75078
SSDEEP

1536:5VKpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+y9s1a6YG2jzQ0viPvDNHh9ei:fKpb8rGYrMPe3q7Q0XV5xtezE8vG8UMg

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://learnviaonline.com/wp-admin/qGb/

xlm40.dropper

http://kolejleri.com/wp-admin/REvup/

xlm40.dropper

http://stainedglassexpress.com/classes/05SkiiW9y4DDGvb6/

xlm40.dropper

http://milanstaffing.com/images/D4TRnDubF/

Targets

- Target
  
  39a6eff049181f7eaf4a375fea7ba902700020ab3d7fe85ddf01ed663191af23
- Size
  
  67KB
- MD5
  
  e4d9e8e6a7fca3ed04a87fefb4cb99f4
- SHA1
  
  49e11a1ce1a813549f8de72d6d9735418137af2a
- SHA256
  
  39a6eff049181f7eaf4a375fea7ba902700020ab3d7fe85ddf01ed663191af23
- SHA512
  
  5cbf3fbb2093816be819229def31f28f428a54c9227077aece1acca731865c212eb6dcaeaaafd91fd9c6ce1b8950fc72e7e43630fde0e63e7701f4aacec75078
- SSDEEP
  
  1536:5VKpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+y9s1a6YG2jzQ0viPvDNHh9ei:fKpb8rGYrMPe3q7Q0XV5xtezE8vG8UMg
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2