General
Target
3809-2.xlsm
Size
25KB
Sample
210311-yhp383crcj
MD5
2d57de1a25569af5717cbd3d5c0c4b90
SHA1
5d1d7650334b1d2b55719ae5fcfa993d1eeef06b
SHA256
694376d61c9a207851d59f6f219bea60c2a0fb514e9826a53ce69370713c3777
SHA512
75ed66dc1807e18b7b4fbf89646bd78231865900e1541e58a4055b001d14688da27d312ed9c13fd9f440f0ffd2b5afc4e91a50ccf9867630e8e9da2b70b3fe7e
Behavioral task
behavioral1
Sample
3809-2.xlsm
Resource
win7v20201028
Behavioral task
behavioral2
Sample
3809-2.xlsm
Resource
win10v20201028
Malware Config
Extracted
https://tcommerceshop.com/server.php
https://fernandogaleano.com/server.php
Targets
Target
3809-2.xlsm
Score
10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Deletes itself