a598cd88d7fc4911786bb3a49f556bdc39d66faf40d4cc00f48ab241c4a8bcbe | Triage

Sharing

General

Target

a598cd88d7fc4911786bb3a49f556bdc39d66faf40d4cc00f48ab241c4a8bcbe
Size

47KB
Sample

241120-xg9eaa1nd1
MD5

8d90f5d2a192a97a0db03b2bb2dcf118
SHA1

86076223203c34fe561da496ae73f96e488b3d31
SHA256

a598cd88d7fc4911786bb3a49f556bdc39d66faf40d4cc00f48ab241c4a8bcbe
SHA512

3f0413de02a4243f23e25a95e853db49b7803eb852e3fb4024bb96989de4d473b70d0edb272a969b6f196f42832ae934628343f88cd9001909607856a2e71cac
SSDEEP

768:4DM52tfQXi8vgLZkTOHkQT51Vp6AwPdM8gQ6JT5X6DGwUdh+pqjeSLjcvLtzrxFm:462tfQXi8vgLZkTOHkQT51Vp6AwPe8gz

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://www.escueladecinemza.com.ar/_installation/IBlj/

Targets

- Target
  
  a598cd88d7fc4911786bb3a49f556bdc39d66faf40d4cc00f48ab241c4a8bcbe
- Size
  
  47KB
- MD5
  
  8d90f5d2a192a97a0db03b2bb2dcf118
- SHA1
  
  86076223203c34fe561da496ae73f96e488b3d31
- SHA256
  
  a598cd88d7fc4911786bb3a49f556bdc39d66faf40d4cc00f48ab241c4a8bcbe
- SHA512
  
  3f0413de02a4243f23e25a95e853db49b7803eb852e3fb4024bb96989de4d473b70d0edb272a969b6f196f42832ae934628343f88cd9001909607856a2e71cac
- SSDEEP
  
  768:4DM52tfQXi8vgLZkTOHkQT51Vp6AwPdM8gQ6JT5X6DGwUdh+pqjeSLjcvLtzrxFm:462tfQXi8vgLZkTOHkQT51Vp6AwPe8gz
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2