Compensation-1636332621-09272021.xls

General
Target

Compensation-1636332621-09272021.xls

Size

126KB

Sample

210927-slrmtahdbl

Score

10/10
MD5

16ff3a934cc31ee7e4407caed8b5160b

SHA1

89bca4aae18925b44b7a6424567d15f8a0139c21

SHA256

7b9347900e27559ba3fcfe186a57ee8d28f8c949442a5d12a4bf9f7ed459114d

SHA512

f9dcb21be0c22d6e440e6ebeebfb70ee5229cf8bf2df8199a7b0d5fb57c8bfdbe459f763869108b3b48d2a93b0984115c63809a083349dc68e9ae0207dd3ce23

Malware Config

Extracted

Language: xlm4.0

Source          URLs
xlm40.dropper   http://190.14.37.178/44466.6342006944.dat
xlm40.dropper   http://185.183.96.67/44466.6342006944.dat
xlm40.dropper   http://185.250.148.213/44466.6342006944.dat

Extracted

Language: xlm4.0

Source          URLs
xlm40.dropper   http://190.14.37.178/44466.6343003472.dat
xlm40.dropper   http://185.183.96.67/44466.6343003472.dat
xlm40.dropper   http://185.250.148.213/44466.6343003472.dat

Targets
Target

Compensation-1636332621-09272021.xls

Signatures

  • Process spawned unexpected child process

    Description

    This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix

Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation

Tasks

static1

8/10

behavioral1

10/10

behavioral2

10/10