b11d30be3dd81cabd66d1548ec3cdcde80acf32dfcb55c17234c0a1ee46a6fb6 | Triage

Sharing

General

Target

b11d30be3dd81cabd66d1548ec3cdcde80acf32dfcb55c17234c0a1ee46a6fb6
Size

96KB
Sample

241120-xnv58s1dkc
MD5

a870508b049f2ddd9f73b34821c14a73
SHA1

f8022c0d140303bb44cc4d55b10b3e682ba897a0
SHA256

b11d30be3dd81cabd66d1548ec3cdcde80acf32dfcb55c17234c0a1ee46a6fb6
SHA512

e1d4cb293cc3e9b29985a89726d1a3a09d1bc4593b9d8509d729668f1bf96b1a888f6db2321dc3c4d6f8b4eeaebefc74cc51157e7ec564caafb2482f82f480ed
SSDEEP

1536:7kKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg4jHuS4hcTO97v7UYdEJm37:IKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgz

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://fisika.mipa.uns.ac.id/reseller/img/nRAvAgoY8Y/

xlm40.dropper

http://greycoconut.com/edm/71qUA/

xlm40.dropper

http://zonainformatica.es/tienda/XCHJmidSYTkE/

xlm40.dropper

http://balletmagazine.ro/wp-content/9VrMPV/

Targets

- Target
  
  b11d30be3dd81cabd66d1548ec3cdcde80acf32dfcb55c17234c0a1ee46a6fb6
- Size
  
  96KB
- MD5
  
  a870508b049f2ddd9f73b34821c14a73
- SHA1
  
  f8022c0d140303bb44cc4d55b10b3e682ba897a0
- SHA256
  
  b11d30be3dd81cabd66d1548ec3cdcde80acf32dfcb55c17234c0a1ee46a6fb6
- SHA512
  
  e1d4cb293cc3e9b29985a89726d1a3a09d1bc4593b9d8509d729668f1bf96b1a888f6db2321dc3c4d6f8b4eeaebefc74cc51157e7ec564caafb2482f82f480ed
- SSDEEP
  
  1536:7kKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg4jHuS4hcTO97v7UYdEJm37:IKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgz
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2