4df811184804a69909d21aa8a20da6902590c2871fdf84d2290f6b911448c365 | Triage

Sharing

General

Target

4df811184804a69909d21aa8a20da6902590c2871fdf84d2290f6b911448c365
Size

80KB
Sample

241120-vcrbsstral
MD5

18a6679b90020130d8b2da431882471c
SHA1

24a1e6dfbbfbbc6253e62d18ece87e51c6d537b7
SHA256

4df811184804a69909d21aa8a20da6902590c2871fdf84d2290f6b911448c365
SHA512

d27f40e8bf6db767a77c860e396003891e81edda61ffe9bdde05e3a8003080b256e7785ad32efd5ca6ee52789da635510e44a8d539bc3c2720053de1a1a78a89
SSDEEP

1536:ROOKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgG7HuS4VcTO9/r7UYdEJeZ:RBKpb8rGYrMPe3q7Q0XV5xtezEsi8/dE

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://centaurussits.com/assets/FL/

xlm40.dropper

http://cansal.cl/cgi-bin/besSIJTfOk0DtHZR/

xlm40.dropper

http://chalkie.me.uk/cgi-bin/gMLuebzG2RskkJXwY/

xlm40.dropper

http://www.cecambrils.cat/wp-content/0KwOSfNDESlzVMoc/

Targets

- Target
  
  4df811184804a69909d21aa8a20da6902590c2871fdf84d2290f6b911448c365
- Size
  
  80KB
- MD5
  
  18a6679b90020130d8b2da431882471c
- SHA1
  
  24a1e6dfbbfbbc6253e62d18ece87e51c6d537b7
- SHA256
  
  4df811184804a69909d21aa8a20da6902590c2871fdf84d2290f6b911448c365
- SHA512
  
  d27f40e8bf6db767a77c860e396003891e81edda61ffe9bdde05e3a8003080b256e7785ad32efd5ca6ee52789da635510e44a8d539bc3c2720053de1a1a78a89
- SSDEEP
  
  1536:ROOKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgG7HuS4VcTO9/r7UYdEJeZ:RBKpb8rGYrMPe3q7Q0XV5xtezEsi8/dE
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2