General

  • Target: 0f66003ac304ffa032e846ad8f7349125b4efdc3260d6bd74771e688568463a3.xls
  • Size: 95KB
  • Sample: 220707-eehvfaeha4
  • MD5: bd4b08eff8e72025566031778251ad8d
  • SHA1: 759fb0b7c479f602267633125efb9dff5d5cbd2c
  • SHA256: 0f66003ac304ffa032e846ad8f7349125b4efdc3260d6bd74771e688568463a3
  • SHA512: 8c60482ca8094eeb490b5be1be051f13f0f948f3d6b8dc63bbbd3cf6a82e8db5050c819da33620908f3d8458192c78b9224c20364011efc85ea9afec2d35275b

Score: 10/10

Malware Config

Extracted

  • Language: xlm4.0

  Source          URL
  xlm40.dropper   http://www.sunflowerlaboratory.in/fonts/79Tq62ly/
  xlm40.dropper   http://dirigent.co.uk/vardagsekonomi/iC36jJ4J1cf/
  xlm40.dropper   http://agtrade.hu/images/kiQYmOs2tSKq/
  xlm40.dropper   https://www.zachboyle.com/wp-admin/EA470ZrTGNkuA/

Targets

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic      Technique                       ID      Count
  Discovery   Query Registry                  T1012   2
  Discovery   System Information Discovery    T1082   2
