9d7b41e15aa318bd33b2cb382d917c990bd3c2c42db4deff07c7292e3d4e3878 | Triage

Sharing

General

Target

9d7b41e15aa318bd33b2cb382d917c990bd3c2c42db4deff07c7292e3d4e3878
Size

77KB
Sample

241121-a4pxtsxfrl
MD5

f01e45f7a7e5d39adf4c814d2abacca2
SHA1

035cc2659dda458125480ab51f3de0baebd36f53
SHA256

9d7b41e15aa318bd33b2cb382d917c990bd3c2c42db4deff07c7292e3d4e3878
SHA512

cd0af798232fe4a24da0644e179aa2e0116c46b635ad3fb92d34706e0f16ce7cd76214fc2dab1a8b4bb59ad519558854663460439b29b244f77e7e50cd98e416
SSDEEP

1536:ASKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgW2+hD8nTLqQrRrZws8ErU:LKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg0

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://trusttransport-eg.com/wp-admin/rphDfzbs/

xlm40.dropper

https://thuexevanphong.com/wp-content/F6JRN/

xlm40.dropper

http://thisiselizabethj.com/wp-content/qeg16EZwSZy2/

Targets

- Target
  
  9d7b41e15aa318bd33b2cb382d917c990bd3c2c42db4deff07c7292e3d4e3878
- Size
  
  77KB
- MD5
  
  f01e45f7a7e5d39adf4c814d2abacca2
- SHA1
  
  035cc2659dda458125480ab51f3de0baebd36f53
- SHA256
  
  9d7b41e15aa318bd33b2cb382d917c990bd3c2c42db4deff07c7292e3d4e3878
- SHA512
  
  cd0af798232fe4a24da0644e179aa2e0116c46b635ad3fb92d34706e0f16ce7cd76214fc2dab1a8b4bb59ad519558854663460439b29b244f77e7e50cd98e416
- SSDEEP
  
  1536:ASKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgW2+hD8nTLqQrRrZws8ErU:LKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg0
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2