c9b436cd0bf49d0a9221fe0544d1b017c1dc128fec9932a5bdb91f5e175403e4 | Triage

Sharing

General

Target

c9b436cd0bf49d0a9221fe0544d1b017c1dc128fec9932a5bdb91f5e175403e4
Size

53KB
Sample

241120-vx6l8a1aql
MD5

d177cdc02a0b1049d19a407a8607907c
SHA1

c6aee523912f926b2b5714c6cfabc6187a9cb7db
SHA256

c9b436cd0bf49d0a9221fe0544d1b017c1dc128fec9932a5bdb91f5e175403e4
SHA512

d3d4355def6a32e6ebcab16a4d67026a209405cdc3575d672f75ddbaf4d86bdf46d78670892cc3a5bf436150a35c8e3b88522fafa647aa6bad31c1cd822c92f1
SSDEEP

1536:BPKpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+ASgNeEYL8UCU:VKpb8rGYrMPe3q7Q0XV5xtezE8vG8UMe

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://airliftlimo.com/wp-admin/wzZ3RIsItxZsu77MFxs/

xlm40.dropper

http://demo-re-usables.inertiasoft.net/cgi-bin/AR4nYNd9xpn/

xlm40.dropper

https://justplay.asia/google/oCbyPwB8B/

Targets

- Target
  
  c9b436cd0bf49d0a9221fe0544d1b017c1dc128fec9932a5bdb91f5e175403e4
- Size
  
  53KB
- MD5
  
  d177cdc02a0b1049d19a407a8607907c
- SHA1
  
  c6aee523912f926b2b5714c6cfabc6187a9cb7db
- SHA256
  
  c9b436cd0bf49d0a9221fe0544d1b017c1dc128fec9932a5bdb91f5e175403e4
- SHA512
  
  d3d4355def6a32e6ebcab16a4d67026a209405cdc3575d672f75ddbaf4d86bdf46d78670892cc3a5bf436150a35c8e3b88522fafa647aa6bad31c1cd822c92f1
- SSDEEP
  
  1536:BPKpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+ASgNeEYL8UCU:VKpb8rGYrMPe3q7Q0XV5xtezE8vG8UMe
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2