19940a1e1820b4aa1e0bc8ae018bd31dc2d870fd9970ffbb3a25a25676c60936 | Triage

Sharing

General

Target

19940a1e1820b4aa1e0bc8ae018bd31dc2d870fd9970ffbb3a25a25676c60936
Size

37KB
Sample

241121-a25v9sxfmr
MD5

281e4ecf6aa3fcbdad4755bbcdee69cd
SHA1

2f8ccfc79cb4ab0a40c3ba0a05419942626438c3
SHA256

19940a1e1820b4aa1e0bc8ae018bd31dc2d870fd9970ffbb3a25a25676c60936
SHA512

e8daf059c8cac6fdd694f333ee29a4c82bcb444af482a4ea7af9a27895b28cde9ddf721ba3b87d8575c6fffd0da6189fc3587485dc8adeac63eaa383c0d6e5dd
SSDEEP

768:0b/Mvd5dhTJxmxE7l0VGpevZCw4VmUxjfC30+kS4QyoX0VyY5G:0bmd5zmxE7W0XYk4pEVyV

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://ordereasy.hk/error/8BZswf/

xlm40.dropper

https://duocphamct.com/wp-content/JYT0KrYcoJrAj/

Targets

- Target
  
  19940a1e1820b4aa1e0bc8ae018bd31dc2d870fd9970ffbb3a25a25676c60936
- Size
  
  37KB
- MD5
  
  281e4ecf6aa3fcbdad4755bbcdee69cd
- SHA1
  
  2f8ccfc79cb4ab0a40c3ba0a05419942626438c3
- SHA256
  
  19940a1e1820b4aa1e0bc8ae018bd31dc2d870fd9970ffbb3a25a25676c60936
- SHA512
  
  e8daf059c8cac6fdd694f333ee29a4c82bcb444af482a4ea7af9a27895b28cde9ddf721ba3b87d8575c6fffd0da6189fc3587485dc8adeac63eaa383c0d6e5dd
- SSDEEP
  
  768:0b/Mvd5dhTJxmxE7l0VGpevZCw4VmUxjfC30+kS4QyoX0VyY5G:0bmd5zmxE7W0XYk4pEVyV
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2