General

  • Target

    1bfcd34f2663c04747f0ceb59f6d3d301dd450f525834b6cf8211f99f3039c90.xls

  • Size

    91KB

  • Sample

    221110-l6nckaghc3

  • MD5

    cc73e9fdb0426c4a021f6fdc09416c58

  • SHA1

    74076265ec6aa1079836959c851a9e71b8451e3a

  • SHA256

    1bfcd34f2663c04747f0ceb59f6d3d301dd450f525834b6cf8211f99f3039c90

  • SHA512

    73f357d71845db75733d8d61d5f808a92db9d8ff0a2c301e18de305365433efa439fb1a33966728b947af42593f418131ddf08cc3a70e31f8f306541c9b40079

  • SSDEEP

    1536:wKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgGbCXuZH4gb4CEn9J4Z/Cs9o2:wKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgG

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

  • URLs

    xlm40.dropper: https://bosny.com/aspnet_client/R50QIOGjmvVlr/

    xlm40.dropper: http://navylin.com/autopoisonous/4fZQW/

    xlm40.dropper: http://asrani.garudaputih.com/nutabalong/bJYqoUIr99qNfoPDx/

    xlm40.dropper: http://db.rikaz.tech/lCx76IlkrBtEsqNFA7/zPYJzpOnzstNOiRHob/

Targets

    • Target

      1bfcd34f2663c04747f0ceb59f6d3d301dd450f525834b6cf8211f99f3039c90.xls

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
