General

  • Target

    8468b3ffc49d173c1ebf31f15bf978fe4590167536d4142fa4d91ef3cd5fd4c2.xls

  • Size

    91KB

  • Sample

    221109-wtppzabaf4

  • MD5

    a5a66eb9a644a306a86272b52f1bd633

  • SHA1

    3068f38b60b2ec30d4244d7430c3cb3ae8ead523

  • SHA256

    8468b3ffc49d173c1ebf31f15bf978fe4590167536d4142fa4d91ef3cd5fd4c2

  • SHA512

    2f62bd1408185324a7c36be994c72ac2dc663bf47401b9dc3312b855338fd6bf58609db9522f322679e1b68ae64828a2f701d7684cc74d1448ca5978b4ce8fda

  • SSDEEP

    1536:LKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgEbCXuZH4gb4CEn9J4ZQEM:LKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgp

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

  • URLs

    xlm40.dropper    http://www.muyehuayi.com/cmp/8asA99KPsyA/v6lUsWbLen/
    xlm40.dropper    http://concivilpa.com.py/wp-admin/i3CQu9dzDrMW/
    xlm40.dropper    https://wijsneusmedia.nl/cgi-bin/kFB/
    xlm40.dropper    http://www.angloextrema.com.br/assets/oEt1yYckHKlnNIq/

Targets

    • Target

      8468b3ffc49d173c1ebf31f15bf978fe4590167536d4142fa4d91ef3cd5fd4c2.xls

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v6

Tasks