General

  • Target

    4170fd2e1e20be004dc4fb1490bd16ce9bd092ec9d1048e6ac0a63d10c7ba255.xlsm

  • Size

    49KB

  • Sample

    220303-v1eb5scab7

  • MD5

    40a87ae0ee6c9d8647c8ad1b680e0e87

  • SHA1

    12e762de276e8ce77a27fc56d135833a29f161d5

  • SHA256

    4170fd2e1e20be004dc4fb1490bd16ce9bd092ec9d1048e6ac0a63d10c7ba255

  • SHA512

    7b16347ae4ce7b7ec7bef05b00d1ca00534720c19a29165ca92f5fb704408350ff58c2e2f8c5e7d3538c509cdff518a7cb880776cfdf5f9c61b05c646cb40dce

Score
10/10

Malware Config

Extracted

Language
hta
Source
URLs
hta.dropper

http://185.7.214.7/fer/fe1.html

Targets

    • Target

      4170fd2e1e20be004dc4fb1490bd16ce9bd092ec9d1048e6ac0a63d10c7ba255.xlsm

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
