General

  • Target

    Complaint-Letter-641255205-03102021.zip

  • Size

    50KB

  • Sample

    210311-nkvxz81age

  • MD5

    e61dfa64c54e8219e2839226e144da62

  • SHA1

    70bc8a8e02694a546de31df1707613e4ec15026c

  • SHA256

    10dcbbb94986d7078525942a32e1ce7a5994db855d91dfb6bc0af4454c275d00

  • SHA512

    6384b6f36ec270552d45e922b067543e10b2505426ba2aad2c43f9112b7148b427905253c08e72eeb288e6852f5c3d4fbdb3a65e9198ae150c7ba5c4fd0db9b1

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://oracledispatch.com/pijxju/44266.5810969907.dat

xlm40.dropper

http://alvaelectrical.ir/jfvrrvwxrsv/44266.5810969907.dat

xlm40.dropper

http://www.bekagayrimenkul.com/xtgudsvqubbk/44266.5810969907.dat

xlm40.dropper

http://civil-group.ir/rvnhdtkyxgu/44266.5810969907.dat

xlm40.dropper

http://kumarpropack.com/jdvcnedwvpr/44266.5810969907.dat

Targets

    • Target

      Complaint-Letter-641255205-03102021.xls

    • Size

      281KB

    • MD5

      e0ba5c610d3096ff98c2ff1d683b7f8e

    • SHA1

      cf72fda2892d65a37e710de892672ba75ade3694

    • SHA256

      f27b807a56b6166eb9ae91a78ecfbf9abba29fa83970ff81c2ae23aa67df3eae

    • SHA512

      97597ccf03e75ddbef2e7f9b25121767dc3a8fb7346f9209cfbfc639449e05edf2832f67ec64e3e8e3e9a60fe820c22b069a39d961abe3ac4bfb579ffa3e2a17

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v6

Tasks