General

  • Target: f161fd2e64317a191866944c3cb3850c54b0401398d7b935fcf3b9e78005de45.xls
  • Size: 91KB
  • Sample: 221110-batjlafcar
  • MD5: 2c9fb02e9b7170a8a1e4b6028ffefbf5
  • SHA1: a3a8b106d745c1ff3a68cba4a2fac8aa255695de
  • SHA256: f161fd2e64317a191866944c3cb3850c54b0401398d7b935fcf3b9e78005de45
  • SHA512: 0c7addeebdce91ebe2c47557094e302e671db8204cd95bc6549ef5addeabe6798be3035468b6f57107fd0fa9feb0c8644af180f30518e7156cc677c9e7697251
  • SSDEEP: 1536:LKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgIbCXuZH4gb4CEn9J4ZJFQvj:LKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg5

Score: 10/10

Malware Config

Extracted

  • Language: xlm4.0
  • Source: URLs

  • xlm40.dropper: http://fixoutlet.com/logs/OGlRuU/
  • xlm40.dropper: http://www.cesasin.com.ar/administrator/viA95RR/
  • xlm40.dropper: http://blacktequila.com.br/2fb62HWWoKi5nfEq2D/XB5VOAXZkhVhSKveYUV/
  • xlm40.dropper: http://case.co.il/_js/dooigYa/

Targets

    • Target: f161fd2e64317a191866944c3cb3850c54b0401398d7b935fcf3b9e78005de45.xls (hashes as listed under General above)

    Score: 10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v6
