a06c899c395e67e8d9cf518b134cab0f77bdc50f8090ea40dd168c3913bfd3bf | Triage

Sharing

General

Target

a06c899c395e67e8d9cf518b134cab0f77bdc50f8090ea40dd168c3913bfd3bf
Size

80KB
Sample

241120-v2f75avlcj
MD5

6cef783310b37e3c29c02679cb3f68f9
SHA1

a681ad578bd865fa5ee239c7f92965c9a40cffb8
SHA256

a06c899c395e67e8d9cf518b134cab0f77bdc50f8090ea40dd168c3913bfd3bf
SHA512

77b2b2e24e73328deee1000eb7ab6576c795eb33d29ffe49bb40e0bf44efb1a55800e919d840560d714ddc25358333abdbe8ad948c21565b7201ad2e92c5fdb3
SSDEEP

1536:UTOKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgQbHuS4VcTO9/r7UYdEJep:UaKpb8rGYrMPe3q7Q0XV5xtezEsi8/de

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://www.boraintercambios.com.br/wp-includes/AN4ixiH4Th/

xlm40.dropper

https://brigadir.com/bkp/SwrVs4yU/

xlm40.dropper

http://handboog6.nl/META-INF/f/

xlm40.dropper

http://brb-ljubuski.com/wp-content/2MODCk0UZasTCL6tm/

Targets

- Target
  
  a06c899c395e67e8d9cf518b134cab0f77bdc50f8090ea40dd168c3913bfd3bf
- Size
  
  80KB
- MD5
  
  6cef783310b37e3c29c02679cb3f68f9
- SHA1
  
  a681ad578bd865fa5ee239c7f92965c9a40cffb8
- SHA256
  
  a06c899c395e67e8d9cf518b134cab0f77bdc50f8090ea40dd168c3913bfd3bf
- SHA512
  
  77b2b2e24e73328deee1000eb7ab6576c795eb33d29ffe49bb40e0bf44efb1a55800e919d840560d714ddc25358333abdbe8ad948c21565b7201ad2e92c5fdb3
- SSDEEP
  
  1536:UTOKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgQbHuS4VcTO9/r7UYdEJep:UaKpb8rGYrMPe3q7Q0XV5xtezEsi8/de
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2