80cc2592c761a4365a06bde6f032d6ad3636a4cc25d9d7364b13d214166af8f8 | Triage

Sharing

General

Target

80cc2592c761a4365a06bde6f032d6ad3636a4cc25d9d7364b13d214166af8f8
Size

46KB
Sample

241121-ae6jaawdnd
MD5

f55ccde7bd3dfaeaa69bbc08d4777a3a
SHA1

72b0d670112dd79efed501ea7b35958ae9191585
SHA256

80cc2592c761a4365a06bde6f032d6ad3636a4cc25d9d7364b13d214166af8f8
SHA512

f2cd0df7d3cc379744f144294128377e8a40424df6771861218fe197ec29bba5a1c6710508620f5e57af07e2c17dbd77548a6e585f628b9398201cabd8012c7e
SSDEEP

768:pDMPKpb8rGYrMPe3q7Q0XV5xtezE8vpI8UM+VgTBs7QqvZQ4tsdurv:pYKpb8rGYrMPe3q7Q0XV5xtezE8vG8Uv

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://202.29.80.55/2021/z/

xlm40.dropper

http://23.239.12.243/dealspot/SvebxVmFucz/

xlm40.dropper

https://adviceme.gr/test/SSzbOkk633/

Targets

- Target
  
  80cc2592c761a4365a06bde6f032d6ad3636a4cc25d9d7364b13d214166af8f8
- Size
  
  46KB
- MD5
  
  f55ccde7bd3dfaeaa69bbc08d4777a3a
- SHA1
  
  72b0d670112dd79efed501ea7b35958ae9191585
- SHA256
  
  80cc2592c761a4365a06bde6f032d6ad3636a4cc25d9d7364b13d214166af8f8
- SHA512
  
  f2cd0df7d3cc379744f144294128377e8a40424df6771861218fe197ec29bba5a1c6710508620f5e57af07e2c17dbd77548a6e585f628b9398201cabd8012c7e
- SSDEEP
  
  768:pDMPKpb8rGYrMPe3q7Q0XV5xtezE8vpI8UM+VgTBs7QqvZQ4tsdurv:pYKpb8rGYrMPe3q7Q0XV5xtezE8vG8Uv
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2