0a19498bce5c91710ef60becb98aa026a8a57ced6926b6beac107186ebe3d05b | Triage

Sharing

General

Target

0a19498bce5c91710ef60becb98aa026a8a57ced6926b6beac107186ebe3d05b
Size

70KB
Sample

241120-vgtbyszama
MD5

1cc5c85e99d6b8e4f1575bc313373b74
SHA1

1e83217834b1164dadf203cdf47d74024ca3d1d7
SHA256

0a19498bce5c91710ef60becb98aa026a8a57ced6926b6beac107186ebe3d05b
SHA512

6dc913d292994f7c8ca3a90b01708a8955b8a81b21bcde54e06e9bf3ab8c21b40bbb22b392e8531596504e0c85eeddacb63b9fbda8f7376df844ee710890750e
SSDEEP

1536:OhKpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+4+hDcnTLiQrRTZws8E1:uKpb8rGYrMPe3q7Q0XV5xtezE8vG8UMf

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://natayakim.com/_hlam/Ob78p6SxMNonofG/

xlm40.dropper

http://weplug.com/dom/LfdeV8H4Zy1yLFRV/

xlm40.dropper

http://martinmichalek.com/_sub/G1QKwEYPbt/

Targets

- Target
  
  0a19498bce5c91710ef60becb98aa026a8a57ced6926b6beac107186ebe3d05b
- Size
  
  70KB
- MD5
  
  1cc5c85e99d6b8e4f1575bc313373b74
- SHA1
  
  1e83217834b1164dadf203cdf47d74024ca3d1d7
- SHA256
  
  0a19498bce5c91710ef60becb98aa026a8a57ced6926b6beac107186ebe3d05b
- SHA512
  
  6dc913d292994f7c8ca3a90b01708a8955b8a81b21bcde54e06e9bf3ab8c21b40bbb22b392e8531596504e0c85eeddacb63b9fbda8f7376df844ee710890750e
- SSDEEP
  
  1536:OhKpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+4+hDcnTLiQrRTZws8E1:uKpb8rGYrMPe3q7Q0XV5xtezE8vG8UMf
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2