General

  • Target

    0348f32d5d0e81a2f47af168847430122e7d59fde57ff5902e51b3aee9a8f50b.xls

  • Size

    91KB

  • Sample

    221110-a8k5fadeb3

  • MD5

    b4eaf2436074e7802333cc00806ae597

  • SHA1

    960e5bedc9d1603d9a114a87ef46f6729b2598b5

  • SHA256

    0348f32d5d0e81a2f47af168847430122e7d59fde57ff5902e51b3aee9a8f50b

  • SHA512

    288bf4af8cbf33833f5fad9fcbbda3fc03dd61c16db4d9667ee270468d5b0f0e2d66c0db17302055d0fd65f2dce6d8242e209b72322702647e26ca0343d06ca5

  • SSDEEP

    1536:LKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgMbCXuZH4gb4CEn9J4ZyX3O:LKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgG

Score
10/10

Malware Config

Extracted

Language: xlm4.0

Source: URLs

  • xlm40.dropper: https://encuadernacionesartis.com/Vk2Z1Na/IZpyySkbU/
  • xlm40.dropper: http://eznetb.synology.me/@eaDir/E36Y/
  • xlm40.dropper: http://bytesendesign.nl/cgi-bin/LolX/
  • xlm40.dropper: http://choltice.eu/mwc/syl3Y/

Targets

Score
10/10

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v6

Tasks