2c63d0777f42dba50b7329c120ef7f81246788912d3936b4abefa6bdfad9aa9f | Triage

Sharing

General

Target

2c63d0777f42dba50b7329c120ef7f81246788912d3936b4abefa6bdfad9aa9f
Size

56KB
Sample

241120-w7h5cawjbl
MD5

24767f510f9f56da213a0f8189d0efce
SHA1

8cfb3c045d696a5f9ee2aa27167209408c947256
SHA256

2c63d0777f42dba50b7329c120ef7f81246788912d3936b4abefa6bdfad9aa9f
SHA512

b4b76ec0b0e4727a2438b5b11ffd1f03da6fb125665c5c6c248f3e6036007de90d6a3a63cca7f75f80d40712752359497053f983fc9ddfe9824059b7c62efe4c
SSDEEP

1536:iUsgWy4WV8cPkkhN+8ZvOVWoNwlQolOko3t0F5uVAwk6:tsnbcpn+8ZGIFK73tMQ5

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://www.equus.com/2i8yt/GhBSz6peG/

Targets

- Target
  
  2c63d0777f42dba50b7329c120ef7f81246788912d3936b4abefa6bdfad9aa9f
- Size
  
  56KB
- MD5
  
  24767f510f9f56da213a0f8189d0efce
- SHA1
  
  8cfb3c045d696a5f9ee2aa27167209408c947256
- SHA256
  
  2c63d0777f42dba50b7329c120ef7f81246788912d3936b4abefa6bdfad9aa9f
- SHA512
  
  b4b76ec0b0e4727a2438b5b11ffd1f03da6fb125665c5c6c248f3e6036007de90d6a3a63cca7f75f80d40712752359497053f983fc9ddfe9824059b7c62efe4c
- SSDEEP
  
  1536:iUsgWy4WV8cPkkhN+8ZvOVWoNwlQolOko3t0F5uVAwk6:tsnbcpn+8ZGIFK73tMQ5
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2