0bec13768d7f2aa66c9f0e41e52c246839ac16239b9df4605607f2eb7d994462 | Triage

Sharing

General

Target

0bec13768d7f2aa66c9f0e41e52c246839ac16239b9df4605607f2eb7d994462
Size

110KB
Sample

241120-ta5wqsyphx
MD5

9aff5ea7385d929cc9e316b408b02295
SHA1

6796b1ecd6533260414fcc552c6160827d0c7866
SHA256

0bec13768d7f2aa66c9f0e41e52c246839ac16239b9df4605607f2eb7d994462
SHA512

bfd8d2d16a014812623bc539d84760bfa6121e83a32eaf2ee6f364fe4be9c8192b3fcd901b733a5bd0dfa9e88d521ffba3e6124055c94e952ba1e4e73166bc39
SSDEEP

3072:VfKpbdrHYrMue8q7QPX+5xtekEdi8/dgVyVIBk6h2bsllScQjnxM:pKpbdrHYrMue8q7QPX+5xtFEdi8/dgVf

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://duvarkagitlarimodelleri.com/42hhp/gZXakh7/

xlm40.dropper

https://dolphinwavehavuzrobotu.com/wp-includes/RmCbvIKjjtlB3tabyPo/

xlm40.dropper

http://animalsandusfujairah.com/wp-admin/JWO58zeUOwSI/

Targets

- Target
  
  0bec13768d7f2aa66c9f0e41e52c246839ac16239b9df4605607f2eb7d994462
- Size
  
  110KB
- MD5
  
  9aff5ea7385d929cc9e316b408b02295
- SHA1
  
  6796b1ecd6533260414fcc552c6160827d0c7866
- SHA256
  
  0bec13768d7f2aa66c9f0e41e52c246839ac16239b9df4605607f2eb7d994462
- SHA512
  
  bfd8d2d16a014812623bc539d84760bfa6121e83a32eaf2ee6f364fe4be9c8192b3fcd901b733a5bd0dfa9e88d521ffba3e6124055c94e952ba1e4e73166bc39
- SSDEEP
  
  3072:VfKpbdrHYrMue8q7QPX+5xtekEdi8/dgVyVIBk6h2bsllScQjnxM:pKpbdrHYrMue8q7QPX+5xtFEdi8/dgVf
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2