53553852c1e639667bf7f8bab711b1bae9d21aebdcc4fab5cbebfdcaa2788cc5 | Triage

Sharing

General

Target

53553852c1e639667bf7f8bab711b1bae9d21aebdcc4fab5cbebfdcaa2788cc5
Size

91KB
Sample

241121-ad176s1khn
MD5

5bea7e67d77daa503d9ebc71cfe86dba
SHA1

8d4cff00024d3f7bcffb5f47a3e9a87fbb984149
SHA256

53553852c1e639667bf7f8bab711b1bae9d21aebdcc4fab5cbebfdcaa2788cc5
SHA512

159e49b4b2a0ef117a5d62c5f424e8de80883b13dce1d6c3e07c0805621490278a49dd4d87304113fd578e9c0866339754c9f3255b4a6ebcabec2c938f8f053c
SSDEEP

1536:LKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgMbCXuZH4gb4CEn9J4ZiX3O:LKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg2

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://encuadernacionesartis.com/Vk2Z1Na/IZpyySkbU/

xlm40.dropper

http://eznetb.synology.me/@eaDir/E36Y/

xlm40.dropper

http://bytesendesign.nl/cgi-bin/LolX/

xlm40.dropper

http://choltice.eu/mwc/syl3Y/

Targets

- Target
  
  53553852c1e639667bf7f8bab711b1bae9d21aebdcc4fab5cbebfdcaa2788cc5
- Size
  
  91KB
- MD5
  
  5bea7e67d77daa503d9ebc71cfe86dba
- SHA1
  
  8d4cff00024d3f7bcffb5f47a3e9a87fbb984149
- SHA256
  
  53553852c1e639667bf7f8bab711b1bae9d21aebdcc4fab5cbebfdcaa2788cc5
- SHA512
  
  159e49b4b2a0ef117a5d62c5f424e8de80883b13dce1d6c3e07c0805621490278a49dd4d87304113fd578e9c0866339754c9f3255b4a6ebcabec2c938f8f053c
- SSDEEP
  
  1536:LKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgMbCXuZH4gb4CEn9J4ZiX3O:LKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg2
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2