General

  • Target

    58ed24e2f3a8899959da10ce477e96e4df367b75620d7266a072ad97d6044db1.xls

  • Size

    91KB

  • Sample

    221110-l52hssghc2

  • MD5

    87cb23924195895ab01b5b7c21bc9459

  • SHA1

    4945174aea9cf187624c1dfb74513a5f82a120c2

  • SHA256

    58ed24e2f3a8899959da10ce477e96e4df367b75620d7266a072ad97d6044db1

  • SHA512

    c2f686a5c27278a54911450965013c359dbfcb19446191819060d919904adfaeac67068cf56cb0163ac26cb8b1a70af7ca9b0d90793f50d93690431dd695b123

  • SSDEEP

    1536:wKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgGbCXuZH4gb4CEn9J4Z/is9o2:wKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgm

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://bosny.com/aspnet_client/R50QIOGjmvVlr/

xlm40.dropper

http://navylin.com/autopoisonous/4fZQW/

xlm40.dropper

http://asrani.garudaputih.com/nutabalong/bJYqoUIr99qNfoPDx/

xlm40.dropper

http://db.rikaz.tech/lCx76IlkrBtEsqNFA7/zPYJzpOnzstNOiRHob/

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
