2ead46f79240f96b0387c307d0c487c1b5a507af0b8082b2a9b8c65655771c3b | Triage

Sharing

General

Target

2ead46f79240f96b0387c307d0c487c1b5a507af0b8082b2a9b8c65655771c3b
Size

96KB
Sample

241120-zhhdastdpl
MD5

fbbbb43840e417fc24c20e468a32374d
SHA1

9b4595e0f29da765f9fcbff01c4330335040ff50
SHA256

2ead46f79240f96b0387c307d0c487c1b5a507af0b8082b2a9b8c65655771c3b
SHA512

2fa53876c242ee0684cd427dd6acb1187b61aaf93fc1ad6ef02fbcca30ace2edf03b69168eaa33291cbc10e25467c8917d381107d299b4f4751f3578725bb7c9
SSDEEP

1536:7kKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg4jHuS4hcTO97v7UYdEJm3U:IKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg8

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://fisika.mipa.uns.ac.id/reseller/img/nRAvAgoY8Y/

xlm40.dropper

http://greycoconut.com/edm/71qUA/

xlm40.dropper

http://zonainformatica.es/tienda/XCHJmidSYTkE/

xlm40.dropper

http://balletmagazine.ro/wp-content/9VrMPV/

Targets

- Target
  
  2ead46f79240f96b0387c307d0c487c1b5a507af0b8082b2a9b8c65655771c3b
- Size
  
  96KB
- MD5
  
  fbbbb43840e417fc24c20e468a32374d
- SHA1
  
  9b4595e0f29da765f9fcbff01c4330335040ff50
- SHA256
  
  2ead46f79240f96b0387c307d0c487c1b5a507af0b8082b2a9b8c65655771c3b
- SHA512
  
  2fa53876c242ee0684cd427dd6acb1187b61aaf93fc1ad6ef02fbcca30ace2edf03b69168eaa33291cbc10e25467c8917d381107d299b4f4751f3578725bb7c9
- SSDEEP
  
  1536:7kKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg4jHuS4hcTO97v7UYdEJm3U:IKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg8
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2