812a70b03189a3bd66ef00d2a64cfa115a3cad7207364650972567eac196446b | Triage

Sharing

General

Target

812a70b03189a3bd66ef00d2a64cfa115a3cad7207364650972567eac196446b
Size

60KB
Sample

241121-amny7swpgy
MD5

9a23c7e9aaaea780ae6a00c4aff33a9b
SHA1

939fb1832af578418f5bbb330640a61b43fde46e
SHA256

812a70b03189a3bd66ef00d2a64cfa115a3cad7207364650972567eac196446b
SHA512

d9744c5c07c16f5b526929e1ef9b5a698bb17ff1988555c94d1a44bddffbd544a9814dc894887da06d455eea37678e48d47f72c2970f1de8abba90b13930f322
SSDEEP

1536:NpKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgUDOJiA6Cv/UGLI36yOAR5t:rKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgI

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://www.valyval.com/pun/VAYL/

xlm40.dropper

http://cabans.com/CeudWYRQEzZgrHPcI/

xlm40.dropper

http://calzadoyuyin.com/cgj-bin/jZPff/

xlm40.dropper

http://cagranus.com/slide/mcqAFuMhaekn/

Targets

- Target
  
  812a70b03189a3bd66ef00d2a64cfa115a3cad7207364650972567eac196446b
- Size
  
  60KB
- MD5
  
  9a23c7e9aaaea780ae6a00c4aff33a9b
- SHA1
  
  939fb1832af578418f5bbb330640a61b43fde46e
- SHA256
  
  812a70b03189a3bd66ef00d2a64cfa115a3cad7207364650972567eac196446b
- SHA512
  
  d9744c5c07c16f5b526929e1ef9b5a698bb17ff1988555c94d1a44bddffbd544a9814dc894887da06d455eea37678e48d47f72c2970f1de8abba90b13930f322
- SSDEEP
  
  1536:NpKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgUDOJiA6Cv/UGLI36yOAR5t:rKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgI
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2