54d6289b328d591f87df47b6141b34a51f9d9c93ec82532e1898f74895612e21 | Triage

Sharing

General

Target

54d6289b328d591f87df47b6141b34a51f9d9c93ec82532e1898f74895612e21
Size

96KB
Sample

241120-w3mlza1khz
MD5

c2b17630ce80dc179d4f8373b8378b12
SHA1

61949878a86175fa9be211cad79951114cb0a1ce
SHA256

54d6289b328d591f87df47b6141b34a51f9d9c93ec82532e1898f74895612e21
SHA512

9bc93855f60ea04da7e69241254943141d884c3a335fdd5ea0057abcd71d9149e2627320e174a532687d88a19a9d9431b68d9ad75a4a037c124acb5f368ffa58
SSDEEP

1536:WkKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgEHuS4hcTO97v7UYdEJmW7:JKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgI

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://bpsjambi.id/about/CcN5IbuInPQ/

xlm40.dropper

https://greenlizard.co.za/amanah/pu8xeUOpqqq/

xlm40.dropper

https://akuntansi.itny.ac.id/asset/NH7qwRrn81Taa0VVqpx/

xlm40.dropper

https://www.yell.ge/nav_logo/x960wo3PHaIUm/

Targets

- Target
  
  54d6289b328d591f87df47b6141b34a51f9d9c93ec82532e1898f74895612e21
- Size
  
  96KB
- MD5
  
  c2b17630ce80dc179d4f8373b8378b12
- SHA1
  
  61949878a86175fa9be211cad79951114cb0a1ce
- SHA256
  
  54d6289b328d591f87df47b6141b34a51f9d9c93ec82532e1898f74895612e21
- SHA512
  
  9bc93855f60ea04da7e69241254943141d884c3a335fdd5ea0057abcd71d9149e2627320e174a532687d88a19a9d9431b68d9ad75a4a037c124acb5f368ffa58
- SSDEEP
  
  1536:WkKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgEHuS4hcTO97v7UYdEJmW7:JKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgI
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2