a5af777e48122519acfda151708cc32c2eb8c02f6aaff045126e0bd2ac1d164e | Triage

Sharing

General

Target

a5af777e48122519acfda151708cc32c2eb8c02f6aaff045126e0bd2ac1d164e
Size

96KB
Sample

241120-zwc1qstkat
MD5

f03258d32d6073b71a91c11e5c1b4db2
SHA1

12f6bac9371f39eaf11e1ab00ea1b6c701771f8e
SHA256

a5af777e48122519acfda151708cc32c2eb8c02f6aaff045126e0bd2ac1d164e
SHA512

99139c260fd4307eef25cbd96d5d0b8dfeb0ee6404bc60ba0a530f7caeaf5d00f7e0f9f1a867922badf999228e35c95f4ad7435c87d2d24291acf39f750178a1
SSDEEP

1536:7kKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg4jHuS4hcTO97v7UYdEJm3m:IKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgO

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://fisika.mipa.uns.ac.id/reseller/img/nRAvAgoY8Y/

xlm40.dropper

http://greycoconut.com/edm/71qUA/

xlm40.dropper

http://zonainformatica.es/tienda/XCHJmidSYTkE/

xlm40.dropper

http://balletmagazine.ro/wp-content/9VrMPV/

Targets

- Target
  
  a5af777e48122519acfda151708cc32c2eb8c02f6aaff045126e0bd2ac1d164e
- Size
  
  96KB
- MD5
  
  f03258d32d6073b71a91c11e5c1b4db2
- SHA1
  
  12f6bac9371f39eaf11e1ab00ea1b6c701771f8e
- SHA256
  
  a5af777e48122519acfda151708cc32c2eb8c02f6aaff045126e0bd2ac1d164e
- SHA512
  
  99139c260fd4307eef25cbd96d5d0b8dfeb0ee6404bc60ba0a530f7caeaf5d00f7e0f9f1a867922badf999228e35c95f4ad7435c87d2d24291acf39f750178a1
- SSDEEP
  
  1536:7kKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg4jHuS4hcTO97v7UYdEJm3m:IKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgO
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2