General

  • Target

    ab6bf65bc625e483cb4a70ddc175441b32a43371de55cc7e62e471523e3c9590.xls

  • Size

    91KB

  • Sample

    221109-v7j6zaagh8

  • MD5

    34e91e54dccb9ec6593a6b1ffd06e7f1

  • SHA1

    5ac97ab8cf8e39e2e91005cb07eafb7f0bd2be19

  • SHA256

    ab6bf65bc625e483cb4a70ddc175441b32a43371de55cc7e62e471523e3c9590

  • SHA512

    7e6723b7b778bbb70eb0319b9591ab7d91cdb7d6c970ab30edaf14579ded4599998176ce5e71454ce409ddb81f56c8d9b26ba2e283a047525c63e904ad6f2b50

  • SSDEEP

    1536:LKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgEbCXuZH4gb4CEn9J4ZAEM:LKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg5

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://www.muyehuayi.com/cmp/8asA99KPsyA/v6lUsWbLen/

xlm40.dropper

http://concivilpa.com.py/wp-admin/i3CQu9dzDrMW/

xlm40.dropper

https://wijsneusmedia.nl/cgi-bin/kFB/

xlm40.dropper

http://www.angloextrema.com.br/assets/oEt1yYckHKlnNIq/

Targets

    • Target

      ab6bf65bc625e483cb4a70ddc175441b32a43371de55cc7e62e471523e3c9590.xls

    • Size

      91KB

    • MD5

      34e91e54dccb9ec6593a6b1ffd06e7f1

    • SHA1

      5ac97ab8cf8e39e2e91005cb07eafb7f0bd2be19

    • SHA256

      ab6bf65bc625e483cb4a70ddc175441b32a43371de55cc7e62e471523e3c9590

    • SHA512

      7e6723b7b778bbb70eb0319b9591ab7d91cdb7d6c970ab30edaf14579ded4599998176ce5e71454ce409ddb81f56c8d9b26ba2e283a047525c63e904ad6f2b50

    • SSDEEP

      1536:LKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgEbCXuZH4gb4CEn9J4ZAEM:LKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg5

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v6

Tasks