General

  • Target

    2c56039d9e64e22bcf397bd7b686bf3c33c286b8feb57b5e18cd2cce712fa0f5.xls

  • Size

    91KB

  • Sample

    221110-becrmsdee8

  • MD5

    36a79280902ab92fd393eb872c851b78

  • SHA1

    ca70b7af425307a6530fbfae048c5e45436941a7

  • SHA256

    2c56039d9e64e22bcf397bd7b686bf3c33c286b8feb57b5e18cd2cce712fa0f5

  • SHA512

    834279ffd3b324aaa350a3ab3262395c701d4c58fcd58ee8b5c256501fcbcd745dc45d81d4ebd7d840c62a55efcc7a09709b56c713c04dcb5838f953d2a35213

  • SSDEEP

    1536:LKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgIbCXuZH4gb4CEn9J4ZJBQvj:LKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgN

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    http://fixoutlet.com/logs/OGlRuU/

    http://www.cesasin.com.ar/administrator/viA95RR/

    http://blacktequila.com.br/2fb62HWWoKi5nfEq2D/XB5VOAXZkhVhSKveYUV/

    http://case.co.il/_js/dooigYa/

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v6
