2ba86583af12321e319a8d54902dbe96d4748edd011f987a307df8401cf767eb | Triage

Sharing

General

Target

2ba86583af12321e319a8d54902dbe96d4748edd011f987a307df8401cf767eb
Size

56KB
Sample

241120-yn2hpasgpn
MD5

ce06844bd5e8667801f1ef783582329d
SHA1

922483815521cdb972236713dfd38e1d116f3826
SHA256

2ba86583af12321e319a8d54902dbe96d4748edd011f987a307df8401cf767eb
SHA512

9d713e479d31909c078be42edea828ab614c16b5a3fb3a8ad00e91f370eca4e58c89fe6aaff953cfe2caa1422a7a271804c915610775b3fc79ab6080bd9ce4f1
SSDEEP

1536:yUsgWy4WV8cPkkhN+8ZvOVWoNwlQolOko3t0F5uVAwk6:9snbcpn+8ZGIFK73tMQ5

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://www.equus.com/2i8yt/GhBSz6peG/

Targets

- Target
  
  2ba86583af12321e319a8d54902dbe96d4748edd011f987a307df8401cf767eb
- Size
  
  56KB
- MD5
  
  ce06844bd5e8667801f1ef783582329d
- SHA1
  
  922483815521cdb972236713dfd38e1d116f3826
- SHA256
  
  2ba86583af12321e319a8d54902dbe96d4748edd011f987a307df8401cf767eb
- SHA512
  
  9d713e479d31909c078be42edea828ab614c16b5a3fb3a8ad00e91f370eca4e58c89fe6aaff953cfe2caa1422a7a271804c915610775b3fc79ab6080bd9ce4f1
- SSDEEP
  
  1536:yUsgWy4WV8cPkkhN+8ZvOVWoNwlQolOko3t0F5uVAwk6:9snbcpn+8ZGIFK73tMQ5
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2