General

  • Target

    967cc65bbf8c4b649206fd9b9fb1c82eee7f3254d2add0c9fd6d6f55148849c0.xls

  • Size

    91KB

  • Sample

    221110-lep23saedn

  • MD5

    ced3f58889d39c5fcbaacb8d908a00b9

  • SHA1

    a34ac52fd7ce899fa8093474c8d665b8db49bef0

  • SHA256

    967cc65bbf8c4b649206fd9b9fb1c82eee7f3254d2add0c9fd6d6f55148849c0

  • SHA512

    8c726cd4e7a5238b3ea778ce07d629f810ce59a8a877a8840dca0ff13b46ef038e2902fe35bf9657e52252898205f0fd76b2c0c8d361b5772a4a6a6fa8af8ede

  • SSDEEP

    1536:eKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgqbCXuZH4gb4CEn9J4ZXz3:eKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgu

Score
10/10

Malware Config

Extracted

  Language   Source          URLs
  xlm4.0     xlm40.dropper   https://www.conceptagency.net/css/b8eaKN/
  xlm4.0     xlm40.dropper   https://bencevendeghaz.hu/2zjoi/cwfKJOzA/
  xlm4.0     xlm40.dropper   http://45.32.114.141/xilte/Uqm6Eysf3Hkjwh/
  xlm4.0     xlm40.dropper   http://ruitaiwz.com/wp-admin/MXlp5IsUKwT1k0DtzT/

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v6

Tasks