102805a33ba473a3c876f8a71f056d0af3be69a36b99144e9cbded59c059c36b | Triage

Sharing

General

Target

102805a33ba473a3c876f8a71f056d0af3be69a36b99144e9cbded59c059c36b
Size

70KB
Sample

241120-xxs28s1enb
MD5

c53230982f7e92057a45a5b03aa0dd9c
SHA1

f28d8d2cd29e930756e4980422aecc8e56538e14
SHA256

102805a33ba473a3c876f8a71f056d0af3be69a36b99144e9cbded59c059c36b
SHA512

e9f579c69641bea3d50a8f0e1be543f7a5e2a4f6ab8b89e6f9e0e091430e6eb9f7598777c5b1a93bbd889132aa827c3bb056c39c05fcb553c2affe183ca2ad05
SSDEEP

1536:OhKpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+e+hDcnTLiQrRTZws8EgE:uKpb8rGYrMPe3q7Q0XV5xtezE8vG8UMx

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://strachanclark.com/images/3gc4qCpSFYbBMDEC/

xlm40.dropper

https://synapse-archive.com/images/bKaMr/

xlm40.dropper

https://sumuvesa.com/wp-includes/rgL/

Targets

- Target
  
  102805a33ba473a3c876f8a71f056d0af3be69a36b99144e9cbded59c059c36b
- Size
  
  70KB
- MD5
  
  c53230982f7e92057a45a5b03aa0dd9c
- SHA1
  
  f28d8d2cd29e930756e4980422aecc8e56538e14
- SHA256
  
  102805a33ba473a3c876f8a71f056d0af3be69a36b99144e9cbded59c059c36b
- SHA512
  
  e9f579c69641bea3d50a8f0e1be543f7a5e2a4f6ab8b89e6f9e0e091430e6eb9f7598777c5b1a93bbd889132aa827c3bb056c39c05fcb553c2affe183ca2ad05
- SSDEEP
  
  1536:OhKpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+e+hDcnTLiQrRTZws8EgE:uKpb8rGYrMPe3q7Q0XV5xtezE8vG8UMx
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2