General

  • Target

    xlsKami_infect.xls

  • Size

    19KB

  • Sample

    221018-22qvwsefcm

  • MD5

    cdeb779d95c6f19cf390d4dbadf12297

  • SHA1

    dd10513aa939df318e5bc20bf8a8858384c6fd39

  • SHA256

    8a4359a260e1aed19c98ad412cbd082575376099a401236c2281457287fc41ae

  • SHA512

    feec736a9ebd84550a51842511d18434c76d7bd7f12571ef34221a02d17b9bd3238727476c9430cb7b3def56d7198e7660e8e1f751cf7f35701dd97562ec4f44

  • SSDEEP

    384:mf5H+k3hOdsylLOlyvxopeiJTNhZFGzETqcL44KgltBAWs1iSo7KlIl9:wh+k3hOdsylKlgxopeiBNhZFGzE+cL4w

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    https://github.com/cyberisltd/NcatPortable/raw/master/ncat.exe

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

MITRE ATT&CK Enterprise v6

Tasks