9c733d050455dd447c943be4db2a5d777b5feba01fea6a8bb4411eed1146e7eb | Triage

Sharing

General

Target

9c733d050455dd447c943be4db2a5d777b5feba01fea6a8bb4411eed1146e7eb
Size

96KB
Sample

241120-y3janaxkdn
MD5

b278f81a09caeaa8d8ed6e877fd548cd
SHA1

04dc8560817a6b5e18c98ff67dbbc34e9f379b05
SHA256

9c733d050455dd447c943be4db2a5d777b5feba01fea6a8bb4411eed1146e7eb
SHA512

842eb1804b61b5f35614c07a5d97c7f0398b008b7d39d29d736ee3027256d8c29412f663e8624815e01f2929df4dc31c63413c7bc296f8d67025b0e00d71ab3f
SSDEEP

1536:7kKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg2HuS4hcTO97v7UYdEJmE:IKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgA

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://atperson.com/campusvirtual/EOgFGo17w/

xlm40.dropper

https://eliteturismo.com/phpmailer-old/dafdBxQONtk5Uf9dxll/

xlm40.dropper

http://atici.net/c/JDFDBMIz/

xlm40.dropper

http://domesticuif.co.za/libraries/nbnH9dpd/

Targets

- Target
  
  9c733d050455dd447c943be4db2a5d777b5feba01fea6a8bb4411eed1146e7eb
- Size
  
  96KB
- MD5
  
  b278f81a09caeaa8d8ed6e877fd548cd
- SHA1
  
  04dc8560817a6b5e18c98ff67dbbc34e9f379b05
- SHA256
  
  9c733d050455dd447c943be4db2a5d777b5feba01fea6a8bb4411eed1146e7eb
- SHA512
  
  842eb1804b61b5f35614c07a5d97c7f0398b008b7d39d29d736ee3027256d8c29412f663e8624815e01f2929df4dc31c63413c7bc296f8d67025b0e00d71ab3f
- SSDEEP
  
  1536:7kKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg2HuS4hcTO97v7UYdEJmE:IKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgA
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2