General
Target: 9844.xlsm
Size: 25KB
Sample: 210311-5l4cp5kbx6
MD5: a0b1853b1dc98e17e8b1040e9b14bc1f
SHA1: 773fcf8705a6e13102fabf00d96f7d7dfb63aeb8
SHA256: 227ab09ecf6ffc8a7608421a44885cd21433adf98ea1dd4c5b54746dd765ef8e
SHA512: a9046086128f62da7947b85f4d3a6a79125b95836aec475fed29299016f8109581ad3ab30cd7362000d874ff7b252dc1c1807e5a047e7d8328a4c4473e0cadf4
Behavioral task: behavioral1
Sample: 9844.xlsm
Resource: win7v20201028
Behavioral task: behavioral2
Sample: 9844.xlsm
Resource: win10v20201028
Malware Config
Extracted
https://catedraloor.com/server.php
https://eurobones.com.br/server.php
Targets
Target: 9844.xlsm
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Deletes itself