General
-
Target
171296e7f5a49cd54d446f7f4db86cd8484b619ce2f07029a38ac6a3a145b5f2.xls
-
Size
91KB
-
Sample
221110-l3tp6sagdn
-
MD5
615c0f98a819fa4e7d84b8b6047488fe
-
SHA1
559c64b9c80aeee18adb189fb7867de1d7b2ee28
-
SHA256
171296e7f5a49cd54d446f7f4db86cd8484b619ce2f07029a38ac6a3a145b5f2
-
SHA512
076ad8f27503ffea1e527f2db4d0f6c8072fc934490582d3637bd0307c1bf0e0a00b094c60e4c88bddca0efc4e8818718d1810bd4ad2175436c460a081cd7e49
-
SSDEEP
1536:wKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgGbCXuZH4gb4CEn9J4Z/Cs9o2:wKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgG
Behavioral task
behavioral1
Sample
171296e7f5a49cd54d446f7f4db86cd8484b619ce2f07029a38ac6a3a145b5f2.xls
Resource
win10-20220901-en
Behavioral task
behavioral2
Sample
171296e7f5a49cd54d446f7f4db86cd8484b619ce2f07029a38ac6a3a145b5f2.xls
Resource
win10-20220812-en
Malware Config
Extracted
https://bosny.com/aspnet_client/R50QIOGjmvVlr/
http://navylin.com/autopoisonous/4fZQW/
http://asrani.garudaputih.com/nutabalong/bJYqoUIr99qNfoPDx/
http://db.rikaz.tech/lCx76IlkrBtEsqNFA7/zPYJzpOnzstNOiRHob/
Extracted
https://bosny.com/aspnet_client/R50QIOGjmvVlr/
Targets
-
-
Target
171296e7f5a49cd54d446f7f4db86cd8484b619ce2f07029a38ac6a3a145b5f2.xls
-
Size
91KB
-
MD5
615c0f98a819fa4e7d84b8b6047488fe
-
SHA1
559c64b9c80aeee18adb189fb7867de1d7b2ee28
-
SHA256
171296e7f5a49cd54d446f7f4db86cd8484b619ce2f07029a38ac6a3a145b5f2
-
SHA512
076ad8f27503ffea1e527f2db4d0f6c8072fc934490582d3637bd0307c1bf0e0a00b094c60e4c88bddca0efc4e8818718d1810bd4ad2175436c460a081cd7e49
-
SSDEEP
1536:wKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgGbCXuZH4gb4CEn9J4Z/Cs9o2:wKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgG
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-