bfb898bfab5dcdf7012e8f27f62ce09609cc276f51c03537cf8de836e2e81dde | Triage

Sharing

General

Target

bfb898bfab5dcdf7012e8f27f62ce09609cc276f51c03537cf8de836e2e81dde
Size

96KB
Sample

241120-wb9x7azqex
MD5

20fd9c9dc5e49741e206e2163c5c0533
SHA1

b3e379182ee80528309098995274fc6f7a1ac2c4
SHA256

bfb898bfab5dcdf7012e8f27f62ce09609cc276f51c03537cf8de836e2e81dde
SHA512

d41e63b98feb7d393518ba90a9bf1e1ddc67f1454a190d60ba03cf114a87894796a9971e84926d60807d2ca40ea766ec76252ef0fb3d004fc1b63ffda92e4233
SSDEEP

1536:7kKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg4jHuS4hcTO97v7UYdEJm3p:IKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgx

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://fisika.mipa.uns.ac.id/reseller/img/nRAvAgoY8Y/

xlm40.dropper

http://greycoconut.com/edm/71qUA/

xlm40.dropper

http://zonainformatica.es/tienda/XCHJmidSYTkE/

xlm40.dropper

http://balletmagazine.ro/wp-content/9VrMPV/

Targets

- Target
  
  bfb898bfab5dcdf7012e8f27f62ce09609cc276f51c03537cf8de836e2e81dde
- Size
  
  96KB
- MD5
  
  20fd9c9dc5e49741e206e2163c5c0533
- SHA1
  
  b3e379182ee80528309098995274fc6f7a1ac2c4
- SHA256
  
  bfb898bfab5dcdf7012e8f27f62ce09609cc276f51c03537cf8de836e2e81dde
- SHA512
  
  d41e63b98feb7d393518ba90a9bf1e1ddc67f1454a190d60ba03cf114a87894796a9971e84926d60807d2ca40ea766ec76252ef0fb3d004fc1b63ffda92e4233
- SSDEEP
  
  1536:7kKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg4jHuS4hcTO97v7UYdEJm3p:IKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgx
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2