General

  • Target

    4e5b8ea876391327aaef419aa8ac980a4afbb181c87bab440b200ca70563c1b1

  • Size

    56KB

  • Sample

    241120-xpff6s1dla

  • MD5

    c497c874c95cd45c89ea42286043e140

  • SHA1

    e2ff65eebed974819af5d42fea17c53b6f4c6cba

  • SHA256

    4e5b8ea876391327aaef419aa8ac980a4afbb181c87bab440b200ca70563c1b1

  • SHA512

    d597d8cd431cf9d45aa8545f391f9c075e9f924cbcd5ae0546b4fdecab4106f222169f6bae073fc07c1507ad7955ff52f19b32cae274c0a6feac0ce27b1eb1a9

  • SSDEEP

    1536:VsKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg/5G9XSZ4umvf:aKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgM

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://church.ktc-center.net/PbSkdCOW/

xlm40.dropper

https://chobemaster.com/components/gus/

xlm40.dropper

https://christianchapman.com/cgi-bin/gADHL9UXSFUTN/

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
