General
Target
546451v.xlsm
Size
25KB
Sample
210312-jtx7pmxlj6
MD5
a34e3895790b5e02fb75857ea72a8e33
SHA1
bbb1d5e04affd8ebb339b3f274ce9a1dde63134a
SHA256
0b793f9d216f024e42965f49e9ad5a8b4faa3b3ee264d75d2e0ffd1521e1381d
SHA512
291faaf946d51562c7f639fe546c1d4de1cdce0ebd3d4fed26b15bf43f9f4baed65cf94010bbfbbc3fb48948726b002bbdb17d140a205f5243106bed3cd3812f
Behavioral task
behavioral1
Sample
546451v.xlsm
Resource
win7v20201028
Behavioral task
behavioral2
Sample
546451v.xlsm
Resource
win10v20201028
Malware Config
Extracted
https://fernandogaleano.com/server.php
https://tcommerceshop.com/server.php
Targets
Target
546451v.xlsm
Score
10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Deletes itself