General
Target: 3741.xlsm
Size: 25KB
Sample: 210311-dth236jmzn
MD5: c3dbd59f0fbea52b29054e009ceb9d0d
SHA1: 639592d885f5c7dd3fdcd2987883985d1cb4e6a9
SHA256: 6fd4e8614714081b43ee0a3ac097e228ee1ddb7829e9c64ecc8b35bf5a5cd575
SHA512: 39a8ca3f869b71f02abcc184af3bbc20adb3e2d9b871cdd3d10f975b0485e88d5161b1f1b0c7594b3ce3c7223ac0895607481b579c15791b24989b667b4e10ca
Behavioral task: behavioral1
Sample: 3741.xlsm
Resource: win7v20201028
Behavioral task: behavioral2
Sample: 3741.xlsm
Resource: win10v20201028
Malware Config
Extracted
https://tcommerceshop.com/server.php
https://fernandogaleano.com/server.php
Targets
Target: 3741.xlsm
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Deletes itself