General

  • Target

    29642a52_by_Libranalysis

  • Size

    149KB

  • Sample

    210513-ym5m9ndbna

  • MD5

    29642a52c69b11b300d0dabdf329f7a4

  • SHA1

    6c67244781ce681efcc91509e11a8b7b6674761f

  • SHA256

    df736c65102b439ed2a67b0127a53a6060bb3cde8789939df6cae4d50757d9a8

  • SHA512

    8a38cbc881703ee55668e2943498a2f504f46e552c2f88ad9a044d2c80f8a74617573bff7c705fa5a73d4c3fb8fc245975d9a1e620d8560910e2d875999032df

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://185.183.96.233/44329.668062037.dat

xlm40.dropper

http://51.89.115.125/44329.668062037.dat

xlm40.dropper

http://190.14.37.64/44329.668062037.dat

Targets

    • Target

      Debt-Details-698741579-05132021.xlsm

    • Size

      196KB

    • MD5

      7d72561c232be5c84dac3347a01f19a6

    • SHA1

      8e3a62d6b1cc2181a8ca0a33141ebf215f7e3309

    • SHA256

      1329edeee1543682fc17be0192ba0e95783f926259318c3a214402e5b0123dad

    • SHA512

      cc693bc373650891c63c9e73f93ba6cd40ee98c9e09556d6abd8573fb68d05ab406c75ece7f41a2df2e08739bde5d2bc565db62607a51c8c3ae883cd795d07b9

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
