General

  • Target

    Cu1QR2z38E4W2NgQHfqV.xlsm

  • Size

    86KB

  • Sample

    210505-rcetwslzqn

  • MD5

    e0cc41db104dd584ec0892a6d9272857

  • SHA1

    6981c956a823237fdf70f7991c1e26e3f717c2bf

  • SHA256

    7e2a11cecbc2923948aadee268e34f62c2d6e661986e52ae495358a24b64bcfe

  • SHA512

    475edf003707a8146f986501598a16b97db8b5b2137a3ed2ac1188a90b311d70de7870d6aa0ffa60e2b60006091c1749a6cef733300f26385ab7a0f4ef8c07fd

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

  • URLs

    xlm40.dropper
    https://thersnyc.com/fxcS6exSJr0/04.html

    xlm40.dropper
    https://justverify.online/ZKrubZZn5V/04.html

Targets

    • Target

      Cu1QR2z38E4W2NgQHfqV.xlsm

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
