General

  • Target

    eb2fc80d98e4078337385dd307510268b685ff61e841193d59ddd4ac798f38d5.xls

  • Size

    91KB

  • Sample

    221109-wqz2jacfdl

  • MD5

    da4b959952f7581e94b8eed872478c73

  • SHA1

    6f1c9ed6007d7ba610e2a8cad98987aa63529c2d

  • SHA256

    eb2fc80d98e4078337385dd307510268b685ff61e841193d59ddd4ac798f38d5

  • SHA512

    bf6e7e32602cfcce38d3a370d7aa80e7ee795bda435ff2ca3ebf5dc31fe415189204e9569a8ffbacdf194df3e541ea791005511385689c9d2827b88ad71826f2

  • SSDEEP

    1536:LKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgEbCXuZH4gb4CEn9J4Z8EM:LKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgV

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs

  • xlm40.dropper

    http://www.muyehuayi.com/cmp/8asA99KPsyA/v6lUsWbLen/

  • xlm40.dropper

    http://concivilpa.com.py/wp-admin/i3CQu9dzDrMW/

  • xlm40.dropper

    https://wijsneusmedia.nl/cgi-bin/kFB/

  • xlm40.dropper

    http://www.angloextrema.com.br/assets/oEt1yYckHKlnNIq/

Targets

    • Target

      eb2fc80d98e4078337385dd307510268b685ff61e841193d59ddd4ac798f38d5.xls

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
