09ccfdf0657074e136f7afd66ec9ce8c62db5c33cb9ec04101e49c761fdbd276 | Triage

Sharing

General

Target

09ccfdf0657074e136f7afd66ec9ce8c62db5c33cb9ec04101e49c761fdbd276
Size

60KB
Sample

241121-az85xaxfkk
MD5

021dd30080b450fcaafa421cd08c6b16
SHA1

9f73701033a4dcbaca1b72665ab656e654379323
SHA256

09ccfdf0657074e136f7afd66ec9ce8c62db5c33cb9ec04101e49c761fdbd276
SHA512

9bb15cf7717258dc605b8c348b466c5cbb355c88d4a76c30bec044d95dd24b75f3f6dc57e2b7fa9aa5b4c3f34bd2b80af418087f95e491bf1585b1b5b9b6c30e
SSDEEP

1536:NpKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgUDOJiA6Cv/UGLI36yOAR5N:rKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgw

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://www.valyval.com/pun/VAYL/

xlm40.dropper

http://cabans.com/CeudWYRQEzZgrHPcI/

xlm40.dropper

http://calzadoyuyin.com/cgj-bin/jZPff/

xlm40.dropper

http://cagranus.com/slide/mcqAFuMhaekn/

Targets

- Target
  
  09ccfdf0657074e136f7afd66ec9ce8c62db5c33cb9ec04101e49c761fdbd276
- Size
  
  60KB
- MD5
  
  021dd30080b450fcaafa421cd08c6b16
- SHA1
  
  9f73701033a4dcbaca1b72665ab656e654379323
- SHA256
  
  09ccfdf0657074e136f7afd66ec9ce8c62db5c33cb9ec04101e49c761fdbd276
- SHA512
  
  9bb15cf7717258dc605b8c348b466c5cbb355c88d4a76c30bec044d95dd24b75f3f6dc57e2b7fa9aa5b4c3f34bd2b80af418087f95e491bf1585b1b5b9b6c30e
- SSDEEP
  
  1536:NpKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgUDOJiA6Cv/UGLI36yOAR5N:rKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgw
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2