General

  • Target

    861be49ee659b50b073e7d6c1074b5db21253729a1eb8dd632e93963f3204eb6.xls

  • Size

    91KB

  • Sample

    221110-l1jgesggf9

  • MD5

    5f2aeff098ddfed65145dd16c9436fe9

  • SHA1

    4d9117d69b0f7668e68ff104f754650da45582ce

  • SHA256

    861be49ee659b50b073e7d6c1074b5db21253729a1eb8dd632e93963f3204eb6

  • SHA512

    f73d83791f33c3d4088b1eb2c4e2f79896bf008473dd1fdfa95057964153e2cad6ea5d3192e70c0951118524eacac4a005b808437ac3ae364fb358a859ed3491

  • SSDEEP

    1536:eKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgqbCXuZH4gb4CEn9J4Z3z3:eKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgG

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://www.conceptagency.net/css/b8eaKN/

xlm40.dropper

https://bencevendeghaz.hu/2zjoi/cwfKJOzA/

xlm40.dropper

http://45.32.114.141/xilte/Uqm6Eysf3Hkjwh/

xlm40.dropper

http://ruitaiwz.com/wp-admin/MXlp5IsUKwT1k0DtzT/

Targets

    • Target

      861be49ee659b50b073e7d6c1074b5db21253729a1eb8dd632e93963f3204eb6.xls

    • Size

      91KB

    • MD5

      5f2aeff098ddfed65145dd16c9436fe9

    • SHA1

      4d9117d69b0f7668e68ff104f754650da45582ce

    • SHA256

      861be49ee659b50b073e7d6c1074b5db21253729a1eb8dd632e93963f3204eb6

    • SHA512

      f73d83791f33c3d4088b1eb2c4e2f79896bf008473dd1fdfa95057964153e2cad6ea5d3192e70c0951118524eacac4a005b808437ac3ae364fb358a859ed3491

    • SSDEEP

      1536:eKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgqbCXuZH4gb4CEn9J4Z3z3:eKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgG

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v6

Tasks