General

  • Target

    ef16379c9717db4aca1de752e6a9edefe69fb22d5c3ab28b846aa8e08a1f2385.xls

  • Size

    91KB

  • Sample

    221110-bcsebafccj

  • MD5

    492890ab383cf13a522d67976dae957c

  • SHA1

    5f90b8d5567e708ab55d5534b772c1cf09ffd060

  • SHA256

    ef16379c9717db4aca1de752e6a9edefe69fb22d5c3ab28b846aa8e08a1f2385

  • SHA512

    5cd8f5a94e902edf9ec43c54817154bff4485c4edb0f718fa913c825a71aeff1c132e533c2d47a36346ea28d3ed305041f7e518e24f72545f6261c665db9c7e4

  • SSDEEP

    1536:LKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgMbCXuZH4gb4CEn9J4ZWX3O:LKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgi

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    https://encuadernacionesartis.com/Vk2Z1Na/IZpyySkbU/
    http://eznetb.synology.me/@eaDir/E36Y/
    http://bytesendesign.nl/cgi-bin/LolX/
    http://choltice.eu/mwc/syl3Y/

Targets

    • Target

      ef16379c9717db4aca1de752e6a9edefe69fb22d5c3ab28b846aa8e08a1f2385.xls
    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v6

Tasks