4680c96bfa1d86cb9660dcc726095a5eb5d04b0d6e9c871340ee63abee704c29 | Triage

Sharing

General

Target

4680c96bfa1d86cb9660dcc726095a5eb5d04b0d6e9c871340ee63abee704c29
Size

63KB
Sample

241120-tgps4azdjk
MD5

ac427f62d3bc3787ca868d4d5ed83718
SHA1

309b76f35bfc7793a959281e8287fcba973e1b72
SHA256

4680c96bfa1d86cb9660dcc726095a5eb5d04b0d6e9c871340ee63abee704c29
SHA512

3202d81d4a136775d5971c74208aa3aa3919ebecae6ec80a5ef54e8ecfdf5cacade628059d1480310a659d7dde9d6b8d1c272cd576a932c25c0e2e29af31aee4
SSDEEP

1536:9pKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgXHuS4VcTO9/r7UYdEJeDJQ:7Kpb8rGYrMPe3q7Q0XV5xtezEsi8/dgZ

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://ingelse.net/ndMmqxh/

xlm40.dropper

https://kwickconnect.com/im-messenger/Szrb9EthOX91/

xlm40.dropper

https://manchesterslt.co.uk/a-to-z-of-slt/xOgw/

Targets

- Target
  
  4680c96bfa1d86cb9660dcc726095a5eb5d04b0d6e9c871340ee63abee704c29
- Size
  
  63KB
- MD5
  
  ac427f62d3bc3787ca868d4d5ed83718
- SHA1
  
  309b76f35bfc7793a959281e8287fcba973e1b72
- SHA256
  
  4680c96bfa1d86cb9660dcc726095a5eb5d04b0d6e9c871340ee63abee704c29
- SHA512
  
  3202d81d4a136775d5971c74208aa3aa3919ebecae6ec80a5ef54e8ecfdf5cacade628059d1480310a659d7dde9d6b8d1c272cd576a932c25c0e2e29af31aee4
- SSDEEP
  
  1536:9pKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgXHuS4VcTO9/r7UYdEJeDJQ:7Kpb8rGYrMPe3q7Q0XV5xtezEsi8/dgZ
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2