341a46578b652a45903b0c5540f32e39875bf9ee65b5d7902c5885013555859f | Triage

Sharing

General

Target

341a46578b652a45903b0c5540f32e39875bf9ee65b5d7902c5885013555859f
Size

95KB
Sample

241120-vdz1bszgnq
MD5

ab8135c30deb4ba84f5298190375de5f
SHA1

888ba7d577f058a89a1bcef4929ffe41803b63df
SHA256

341a46578b652a45903b0c5540f32e39875bf9ee65b5d7902c5885013555859f
SHA512

e5a5a52e0a2c40b1cda10cfbc9984e5b3139be5a243814f54e24810140310f1255dd837496992a13b13676ae90cac448d6cf9667f2e6240685c3689876442cdc
SSDEEP

1536:UkKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgNHuS4hcTO97v7UYdEJmJ:bKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgc

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://fikti.bem.gunadarma.ac.id/SDM/YH8OJ1Zz8miBX/

xlm40.dropper

http://ebuysa.co.za/yt-assets/yZ30/

xlm40.dropper

http://3dstudioa.com.br/files/1ubPAB/

xlm40.dropper

http://boardmart.co.za/images/DvMHPbTLn/

Targets

- Target
  
  341a46578b652a45903b0c5540f32e39875bf9ee65b5d7902c5885013555859f
- Size
  
  95KB
- MD5
  
  ab8135c30deb4ba84f5298190375de5f
- SHA1
  
  888ba7d577f058a89a1bcef4929ffe41803b63df
- SHA256
  
  341a46578b652a45903b0c5540f32e39875bf9ee65b5d7902c5885013555859f
- SHA512
  
  e5a5a52e0a2c40b1cda10cfbc9984e5b3139be5a243814f54e24810140310f1255dd837496992a13b13676ae90cac448d6cf9667f2e6240685c3689876442cdc
- SSDEEP
  
  1536:UkKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgNHuS4hcTO97v7UYdEJmJ:bKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgc
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2