20a117c353fd6b9e121b7785ee6bf3a23af94f1bc2e3cf7b5957528fd1992e8f | Triage

Sharing

General

Target

20a117c353fd6b9e121b7785ee6bf3a23af94f1bc2e3cf7b5957528fd1992e8f
Size

47KB
Sample

241121-a14lta1phj
MD5

bb2d18b229f1032c3b4c7a73d4455f88
SHA1

569ea616fdad1455a341488da4093f28c0e6dad0
SHA256

20a117c353fd6b9e121b7785ee6bf3a23af94f1bc2e3cf7b5957528fd1992e8f
SHA512

c0c6ef29583d187b2bf3a98f03717c54a73b87ee76f9763d41e7673f404a83ab4375f394cdaea25f6f3737d2198057bdb347d530592c423fe7cdb3bcff3deff8
SSDEEP

768:4DM52tfQXi8vgLZkTOHkQT51Vp6AwPdM8gQ6JT5X6DGwUdh+pqjeSLjcvLtzrxF6:462tfQXi8vgLZkTOHkQT51Vp6AwPe8g/

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://www.escueladecinemza.com.ar/_installation/IBlj/

Targets

- Target
  
  20a117c353fd6b9e121b7785ee6bf3a23af94f1bc2e3cf7b5957528fd1992e8f
- Size
  
  47KB
- MD5
  
  bb2d18b229f1032c3b4c7a73d4455f88
- SHA1
  
  569ea616fdad1455a341488da4093f28c0e6dad0
- SHA256
  
  20a117c353fd6b9e121b7785ee6bf3a23af94f1bc2e3cf7b5957528fd1992e8f
- SHA512
  
  c0c6ef29583d187b2bf3a98f03717c54a73b87ee76f9763d41e7673f404a83ab4375f394cdaea25f6f3737d2198057bdb347d530592c423fe7cdb3bcff3deff8
- SSDEEP
  
  768:4DM52tfQXi8vgLZkTOHkQT51Vp6AwPdM8gQ6JT5X6DGwUdh+pqjeSLjcvLtzrxF6:462tfQXi8vgLZkTOHkQT51Vp6AwPe8g/
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2