General

  • Target: a31d4fdf3048f7629d4b4d7356009775273beec46b7484bfede20eb167b95105.xls
  • Size: 91KB
  • Sample: 221110-lexrxsgfb8
  • MD5: 696b5d61f683fad48d91536ab393ddb3
  • SHA1: abd7a2e86da07eb26c3ffdc08284d912140a5f70
  • SHA256: a31d4fdf3048f7629d4b4d7356009775273beec46b7484bfede20eb167b95105
  • SHA512: c3264ddc5434a712035b3b9c31538591fd3575a5620be612714f9412b4156e66228ec1f4a2e59dfd93c071c7f5341a3af71976617d439e19489b6fe43ebb3010
  • SSDEEP: 1536:wKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgGbCXuZH4gb4CEn9J4Z/Cs9o2:wKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgG

Score: 10/10

Malware Config

Extracted

  • Language: xlm4.0
  • Source: xlm40.dropper
  • URLs (each extracted from the xlm40.dropper macro):
    • https://bosny.com/aspnet_client/R50QIOGjmvVlr/
    • http://navylin.com/autopoisonous/4fZQW/
    • http://asrani.garudaputih.com/nutabalong/bJYqoUIr99qNfoPDx/
    • http://db.rikaz.tech/lCx76IlkrBtEsqNFA7/zPYJzpOnzstNOiRHob/

Targets

    • Target: a31d4fdf3048f7629d4b4d7356009775273beec46b7484bfede20eb167b95105.xls (size and hashes as listed under General)
    Score: 10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
