General

  • Target

    b11d30be3dd81cabd66d1548ec3cdcde80acf32dfcb55c17234c0a1ee46a6fb6

  • Size

    96KB

  • Sample

    241120-xnv58s1dkc

  • MD5

    a870508b049f2ddd9f73b34821c14a73

  • SHA1

    f8022c0d140303bb44cc4d55b10b3e682ba897a0

  • SHA256

    b11d30be3dd81cabd66d1548ec3cdcde80acf32dfcb55c17234c0a1ee46a6fb6

  • SHA512

    e1d4cb293cc3e9b29985a89726d1a3a09d1bc4593b9d8509d729668f1bf96b1a888f6db2321dc3c4d6f8b4eeaebefc74cc51157e7ec564caafb2482f82f480ed

  • SSDEEP

    1536:7kKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg4jHuS4hcTO97v7UYdEJm37:IKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgz

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://fisika.mipa.uns.ac.id/reseller/img/nRAvAgoY8Y/

xlm40.dropper

http://greycoconut.com/edm/71qUA/

xlm40.dropper

http://zonainformatica.es/tienda/XCHJmidSYTkE/

xlm40.dropper

http://balletmagazine.ro/wp-content/9VrMPV/

Targets

    • Target

      b11d30be3dd81cabd66d1548ec3cdcde80acf32dfcb55c17234c0a1ee46a6fb6

    • Size

      96KB

    • MD5

      a870508b049f2ddd9f73b34821c14a73

    • SHA1

      f8022c0d140303bb44cc4d55b10b3e682ba897a0

    • SHA256

      b11d30be3dd81cabd66d1548ec3cdcde80acf32dfcb55c17234c0a1ee46a6fb6

    • SHA512

      e1d4cb293cc3e9b29985a89726d1a3a09d1bc4593b9d8509d729668f1bf96b1a888f6db2321dc3c4d6f8b4eeaebefc74cc51157e7ec564caafb2482f82f480ed

    • SSDEEP

      1536:7kKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg4jHuS4hcTO97v7UYdEJm37:IKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgz

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v15

Tasks