General

  • Target

    e07b50e20d1783da220f18bf0ec797d7c6503e948739d8e7e6a582536c02808f.xls

  • Size

    91KB

  • Sample

    221110-apl8dsdch6

  • MD5

    6e032eefd81d8a79dc9a5cd6a4ed7368

  • SHA1

    6b7215417beb3c3dac18f7f6787a2c06e8e39df0

  • SHA256

    e07b50e20d1783da220f18bf0ec797d7c6503e948739d8e7e6a582536c02808f

  • SHA512

    24754570c9e893cde64795c5927ed63b7076cc93a6df14a4482dd135cd8d0cd3494647bb2f3db2b68eff14af7fb3a334bb7178726dc5f41cf7d62f3bdecb410b

  • SSDEEP

    1536:LKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgIbCXuZH4gb4CEn9J4ZJRQvj:LKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg9

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://fixoutlet.com/logs/OGlRuU/

xlm40.dropper

http://www.cesasin.com.ar/administrator/viA95RR/

xlm40.dropper

http://blacktequila.com.br/2fb62HWWoKi5nfEq2D/XB5VOAXZkhVhSKveYUV/

xlm40.dropper

http://case.co.il/_js/dooigYa/

Targets

    • Target

      e07b50e20d1783da220f18bf0ec797d7c6503e948739d8e7e6a582536c02808f.xls

    • Size

      91KB

    • MD5

      6e032eefd81d8a79dc9a5cd6a4ed7368

    • SHA1

      6b7215417beb3c3dac18f7f6787a2c06e8e39df0

    • SHA256

      e07b50e20d1783da220f18bf0ec797d7c6503e948739d8e7e6a582536c02808f

    • SHA512

      24754570c9e893cde64795c5927ed63b7076cc93a6df14a4482dd135cd8d0cd3494647bb2f3db2b68eff14af7fb3a334bb7178726dc5f41cf7d62f3bdecb410b

    • SSDEEP

      1536:LKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgIbCXuZH4gb4CEn9J4ZJRQvj:LKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg9

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v6

Tasks