General
Target
652.xlsm
Size
25KB
Sample
210311-6w3syyk67n
MD5
4c9fd77bd706ce1575c060b7eaae1b6d
SHA1
793ebfe97b17c063555155c04a953ee90e1535cd
SHA256
df5ee36ad0c3ddabffd52a8334e37d8c10f7ab9162a492e9fc058a91769a2f65
SHA512
51f1e39437d4b7ab556a5888f68e8675a92a3bcd2b0d0813de581bc74e38d3d6ee40051452c64fe721160ed5f3e606f364e585586899198420205ea97c546ea8
Behavioral task
behavioral1
Sample
652.xlsm
Resource
win7v20201028
Behavioral task
behavioral2
Sample
652.xlsm
Resource
win10v20201028
Malware Config
Extracted
https://fernandogaleano.com/server.php
https://tcommerceshop.com/server.php
Targets
Target
652.xlsm
Score
10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Deletes itself