c62979afcd380e21d3a0b4f0119f0b773adb7cda534a2023e9432e5ea918dbb6 | Triage

Sharing

General

Target

c62979afcd380e21d3a0b4f0119f0b773adb7cda534a2023e9432e5ea918dbb6
Size

70KB
Sample

241120-wafyqa1cpk
MD5

9df346e61326fbe798f77b5d9b59f2ed
SHA1

f1e8856056bf6ba16ad7d453fd8e8d3b52299129
SHA256

c62979afcd380e21d3a0b4f0119f0b773adb7cda534a2023e9432e5ea918dbb6
SHA512

39612c59087c17a506ab5b3af04137e886dd999af51c60447c0894b294c36906c4de5ca2683636f182f3634c605410279c18fa1bdfbfa38d1ee89feb46ca451c
SSDEEP

1536:OhKpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+/+hDcnTLiQrRTZws8EbK:uKpb8rGYrMPe3q7Q0XV5xtezE8vG8UM1

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://prprofile.com/wp-admin/CIqrvgYsvBiBlIM/

xlm40.dropper

https://retardantedefuegoperu.com/slider/rFhAa78/

xlm40.dropper

http://survei.absensi.net/cc-content/YCcjkOA3ijYNu46Y/

Targets

- Target
  
  c62979afcd380e21d3a0b4f0119f0b773adb7cda534a2023e9432e5ea918dbb6
- Size
  
  70KB
- MD5
  
  9df346e61326fbe798f77b5d9b59f2ed
- SHA1
  
  f1e8856056bf6ba16ad7d453fd8e8d3b52299129
- SHA256
  
  c62979afcd380e21d3a0b4f0119f0b773adb7cda534a2023e9432e5ea918dbb6
- SHA512
  
  39612c59087c17a506ab5b3af04137e886dd999af51c60447c0894b294c36906c4de5ca2683636f182f3634c605410279c18fa1bdfbfa38d1ee89feb46ca451c
- SSDEEP
  
  1536:OhKpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+/+hDcnTLiQrRTZws8EbK:uKpb8rGYrMPe3q7Q0XV5xtezE8vG8UM1
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2