General

  • Target

    b8ecdf8abced3289897d421af8aff8e460d1ceee871d59961ee56e9bb0543cc0.xls

  • Size

    95KB

  • Sample

    220707-eadd6acegk

  • MD5

    5f391e470891a0c6fa841abe3a30e8bb

  • SHA1

    1be9a0dfabf23bf88334a8a4513778d4d0d02fac

  • SHA256

    b8ecdf8abced3289897d421af8aff8e460d1ceee871d59961ee56e9bb0543cc0

  • SHA512

    664838d59279d9fdf6b151fe621fd60089c469acf77369e581d67016ee0977c7f2567fd5d68f8f9834ee1acc2e9a413fb17aebd8737f4b1f6fd07e6b69d831f0

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0 (Excel 4.0 / XLM macro sheet)

  • Source

    URLs

  • xlm40.dropper URLs (payload locations the macro downloads from)

    http://www.sunflowerlaboratory.in/fonts/79Tq62ly/

    http://dirigent.co.uk/vardagsekonomi/iC36jJ4J1cf/

    http://agtrade.hu/images/kiQYmOs2tSKq/

    https://www.zachboyle.com/wp-admin/EA470ZrTGNkuA/
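The four dropper URLs above are the actionable part of this report. The script below is an added example, not part of the sandbox report or its tooling: it copies the URLs from the config, defangs them for sharing, and matches constructed proxy log lines against host and path. The scoring rule is an assumption for the demo: the hosts look like ordinary sites with a planted directory (note the wp-admin path), so a host-only match is treated as weak and a host-plus-path match as strong.

```python
"""Turn the extracted xlm40.dropper config into hunt-ready indicators.

Added example for this report. DROPPER_URLS and SAMPLE_SHA256 are copied
from the report; SAMPLE_PROXY_LOG is constructed for the demo.
"""
from urllib.parse import urlsplit

# Copied from the "Malware Config" section of the report.
DROPPER_URLS = [
    "http://www.sunflowerlaboratory.in/fonts/79Tq62ly/",
    "http://dirigent.co.uk/vardagsekonomi/iC36jJ4J1cf/",
    "http://agtrade.hu/images/kiQYmOs2tSKq/",
    "https://www.zachboyle.com/wp-admin/EA470ZrTGNkuA/",
]
SAMPLE_SHA256 = "b8ecdf8abced3289897d421af8aff8e460d1ceee871d59961ee56e9bb0543cc0"

# Constructed proxy log lines (timestamp, client, method, URL, status); not from the report.
SAMPLE_PROXY_LOG = [
    "2022-07-07T09:14:02Z 10.0.0.17 GET http://www.sunflowerlaboratory.in/fonts/79Tq62ly/ 200",
    "2022-07-07T09:14:05Z 10.0.0.17 GET http://dirigent.co.uk/ 200",
    "2022-07-07T09:15:00Z 10.0.0.23 GET https://example.org/index.html 200",
]


def defang(url: str) -> str:
    """Render a URL so it cannot be clicked by accident (hxxp, [.])."""
    return url.replace("http", "hxxp", 1).replace(".", "[.]")


def indicators(urls):
    """Return (host, path) pairs from the dropper URLs.

    The path matters: the hosts are most likely legitimate sites with a
    planted directory, so the directory is the selective part.
    """
    out = []
    for u in urls:
        parts = urlsplit(u)
        out.append((parts.hostname.lower(), parts.path.lower()))
    return out


def hunt(log_lines, urls):
    """Match log lines against the dropper URLs.

    A line is 'strong' when host and dropper path both appear, 'weak' when
    only the host appears (could be normal traffic to the compromised site).
    """
    hits = []
    iocs = indicators(urls)
    for line in log_lines:
        low = line.lower()
        for host, path in iocs:
            if host in low:
                strength = "strong" if path in low else "weak"
                hits.append((strength, host, line))
                break
    return hits


if __name__ == "__main__":
    for u in DROPPER_URLS:
        print(defang(u))
    for strength, host, line in hunt(SAMPLE_PROXY_LOG, DROPPER_URLS):
        print(f"[{strength}] {host}: {line}")
```

In practice the `hunt` pass would run over real proxy or DNS exports; the weak/strong split is there so that analysts triage the path hits first rather than chasing every visitor to a compromised site.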

Targets

  • Target

    b8ecdf8abced3289897d421af8aff8e460d1ceee871d59961ee56e9bb0543cc0.xls (95KB; MD5, SHA1, SHA256 and SHA512 as listed under General)

    Score
    10/10

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro. For this target the document is an .xls with extracted XLM 4.0 macros, so a child process started from the Office parent is the macro running its dropper stage rather than normal spreadsheet behaviour.
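The signature above is the detection that matters most for XLM droppers: Excel has very few legitimate reasons to start a child process. The following is an added example of that detection logic, not code from the sandbox or the report. It parses constructed process-creation events (pipe-delimited: timestamp, parent image, image, command line) and reports any child of an Office parent that is not on a small benign allowlist, rating known LOLBins higher. The allowlist, the high-signal set and the event lines (including the regsvr32 child) are assumptions for the demo, not what the report observed.

```python
"""Detection logic for 'Process spawned unexpected child process' from an
Office parent. Added example; SAMPLE_EVENTS are constructed, not from the report.
"""

OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe"}
# Children Office starts on its own (printing, crash reporting); assumed allowlist.
BENIGN_CHILDREN = {"splwow64.exe", "dw20.exe", "dwwin.exe", "msosync.exe"}
# Children whose appearance under Office is near-certain macro execution; assumed set.
HIGH_SIGNAL = {"cmd.exe", "powershell.exe", "regsvr32.exe", "rundll32.exe",
               "mshta.exe", "wscript.exe", "cscript.exe", "certutil.exe"}

# Constructed process-creation events: ts|ParentImage|Image|CommandLine
SAMPLE_EVENTS = [
    "2022-07-07T09:14:01Z|C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE"
    "|C:\\Windows\\System32\\regsvr32.exe|regsvr32.exe /s C:\\Users\\Public\\stage.dll",
    "2022-07-07T09:14:03Z|C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE"
    "|C:\\Windows\\splwow64.exe|splwow64.exe 12288",
    "2022-07-07T09:14:09Z|C:\\Windows\\explorer.exe"
    "|C:\\Windows\\System32\\cmd.exe|cmd.exe /c whoami",
    "2022-07-07T09:14:12Z|C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE"
    "|C:\\Windows\\System32\\notepad.exe|notepad.exe",
]


def basename(path: str) -> str:
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def parse_event(line: str) -> dict:
    """Split one constructed event line into its fields."""
    ts, parent, image, cmdline = line.split("|", 3)
    return {"ts": ts, "parent": basename(parent), "image": basename(image),
            "cmdline": cmdline}


def unexpected_office_children(lines):
    """Return (severity, parent, child, cmdline) for every child of an Office
    parent that is not on the benign allowlist."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if ev["parent"] not in OFFICE_PARENTS:
            continue          # only Office parents are in scope
        if ev["image"] in BENIGN_CHILDREN:
            continue          # expected helper process
        severity = "high" if ev["image"] in HIGH_SIGNAL else "medium"
        alerts.append((severity, ev["parent"], ev["image"], ev["cmdline"]))
    return alerts


if __name__ == "__main__":
    for sev, parent, child, cmd in unexpected_office_children(SAMPLE_EVENTS):
        print(f"[{sev}] {parent} -> {child}: {cmd}")
```

The allowlist is deliberately short: tuning it per environment is cheaper than explaining away every cmd.exe or regsvr32.exe that Excel launched, and a medium-severity hit on an unfamiliar child is still worth a look when the parent opened an attachment.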

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 2 matches

  • System Information Discovery (T1082): 2 matches
