455ba1c2d6886dbd57927c9c5d838cb71b80dfa2a9ea4425665aa02316c9ae08 | Triage

Sharing

General

Target

455ba1c2d6886dbd57927c9c5d838cb71b80dfa2a9ea4425665aa02316c9ae08
Size

95KB
Sample

241120-v3tjvazcqe
MD5

4209cc8a62f7b244bdc6a7f21b09445b
SHA1

aa7ac58218e0f58303c65ac970fa7038f1b7a521
SHA256

455ba1c2d6886dbd57927c9c5d838cb71b80dfa2a9ea4425665aa02316c9ae08
SHA512

8459d62989b23223eb4cb1c12a46bdbf6a7039793f866df333a542edab4433f37f0e885136642f0a87234f2360bfbd7f58c32f01e38170245329006be1b6f69b
SSDEEP

1536:UkKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg/HuS4hcTO97v7UYdEJmEj7g:bKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgo

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://yakosurf.com/wp-includes/y9jgKE7f1wMM/

xlm40.dropper

https://fikti.bem.gunadarma.ac.id/SDM/xDYmcOngg/

xlm40.dropper

http://armannahalpersian.ir/armannahalpersian/byxUd7hAO2/

xlm40.dropper

http://disweb.sk/lfHCegwZndgMs/KFfG/

Targets

- Target
  
  455ba1c2d6886dbd57927c9c5d838cb71b80dfa2a9ea4425665aa02316c9ae08
- Size
  
  95KB
- MD5
  
  4209cc8a62f7b244bdc6a7f21b09445b
- SHA1
  
  aa7ac58218e0f58303c65ac970fa7038f1b7a521
- SHA256
  
  455ba1c2d6886dbd57927c9c5d838cb71b80dfa2a9ea4425665aa02316c9ae08
- SHA512
  
  8459d62989b23223eb4cb1c12a46bdbf6a7039793f866df333a542edab4433f37f0e885136642f0a87234f2360bfbd7f58c32f01e38170245329006be1b6f69b
- SSDEEP
  
  1536:UkKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg/HuS4hcTO97v7UYdEJmEj7g:bKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgo
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2