General

  • Target: 171296e7f5a49cd54d446f7f4db86cd8484b619ce2f07029a38ac6a3a145b5f2.xls
  • Size: 91KB
  • Sample: 221110-l3tp6sagdn
  • MD5: 615c0f98a819fa4e7d84b8b6047488fe
  • SHA1: 559c64b9c80aeee18adb189fb7867de1d7b2ee28
  • SHA256: 171296e7f5a49cd54d446f7f4db86cd8484b619ce2f07029a38ac6a3a145b5f2
  • SHA512: 076ad8f27503ffea1e527f2db4d0f6c8072fc934490582d3637bd0307c1bf0e0a00b094c60e4c88bddca0efc4e8818718d1810bd4ad2175436c460a081cd7e49
  • SSDEEP: 1536:wKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgGbCXuZH4gb4CEn9J4Z/Cs9o2:wKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgG

Score: 10/10

Malware Config

Extracted

  Language: xlm4.0
  Source: xlm40.dropper
  URLs:
    • https://bosny.com/aspnet_client/R50QIOGjmvVlr/
    • http://navylin.com/autopoisonous/4fZQW/
    • http://asrani.garudaputih.com/nutabalong/bJYqoUIr99qNfoPDx/
    • http://db.rikaz.tech/lCx76IlkrBtEsqNFA7/zPYJzpOnzstNOiRHob/

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v6

Tasks