General

  • Target

    561b85443dbcdcd982989820557546a99036b270dd6cf184708cad109f1715d8.xls

  • Size

    91KB

  • Sample

    221110-l94hysghf3

  • MD5

    91ce864931d0058289fe2962a36648b7

  • SHA1

    6fbd9a3564da0b25963400d3243ea699fb8d2d53

  • SHA256

    561b85443dbcdcd982989820557546a99036b270dd6cf184708cad109f1715d8

  • SHA512

    463b900ad71b48da422cce4dee3e183ac08e46ccd59161379875d9d376e327b30aa1935a521414167ae62c3a11b4f30c3f6ce8590f6dd5949f5838e978e1de01

  • SSDEEP

    1536:wKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgGbCXuZH4gb4CEn9J4Z/Cs9o2:wKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgG

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

  • URLs

    xlm40.dropper: https://bosny.com/aspnet_client/R50QIOGjmvVlr/

    xlm40.dropper: http://navylin.com/autopoisonous/4fZQW/

    xlm40.dropper: http://asrani.garudaputih.com/nutabalong/bJYqoUIr99qNfoPDx/

    xlm40.dropper: http://db.rikaz.tech/lCx76IlkrBtEsqNFA7/zPYJzpOnzstNOiRHob/

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
