General
-
Target
MV_TBN_VSL_PARTLS.xlsm
-
Size
144KB
-
Sample
211021-p5g1yaacg2
-
MD5
c76da7df89d423cd538fd71870b4802a
-
SHA1
de839678680efd2553571f5fcbac0641a6899f3b
-
SHA256
98a76f0a67003483f167a270a6deb91bb10503f2b3482077efa09f11717faf7f
-
SHA512
adb8e873e10073d7df196be323e011eb9a0b41fb28f444bbf5ce56f6416dde5b3e849d5ae64e0ec75eebeea69756b1805d2c06430d7943ffbbc1f46b64092474
Static task
static1
Behavioral task
behavioral1
Sample
MV_TBN_VSL_PARTLS.xlsm
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
MV_TBN_VSL_PARTLS.xlsm
Resource
win10-en-20210920
Malware Config
Extracted
http://3.64.251.139/vr/r/Az4P9gzPgEuPau5wQ3nh.exe
Targets
-
-
Target
MV_TBN_VSL_PARTLS.xlsm
-
Size
144KB
-
MD5
c76da7df89d423cd538fd71870b4802a
-
SHA1
de839678680efd2553571f5fcbac0641a6899f3b
-
SHA256
98a76f0a67003483f167a270a6deb91bb10503f2b3482077efa09f11717faf7f
-
SHA512
adb8e873e10073d7df196be323e011eb9a0b41fb28f444bbf5ce56f6416dde5b3e849d5ae64e0ec75eebeea69756b1805d2c06430d7943ffbbc1f46b64092474
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Deletes itself
-