General

  • Target

    384c5f3d4fea18e5f3be020f8632251a28dc0a0cb8c41153c9549b440dfcdbca.xls

  • Size

    91KB

  • Sample

    221110-lf2ghagfc5

  • MD5

    d153b1efaad62c37c34d5cc4fc89f7d0

  • SHA1

    ba551c3ebc3beba4cf17de570bbd532ae7810820

  • SHA256

    384c5f3d4fea18e5f3be020f8632251a28dc0a0cb8c41153c9549b440dfcdbca

  • SHA512

    3a96f41f879025d49ffd26961a61e7b21f3dbc0522da40604295d214387d2d7af566437d12b36fa19947285abad6cd83a796c0f5367147e8a9fa5dee1b16f566

  • SSDEEP

    1536:wKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgGbCXuZH4gb4CEn9J4Z/Cs9o2:wKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgu

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://bosny.com/aspnet_client/R50QIOGjmvVlr/

xlm40.dropper

http://navylin.com/autopoisonous/4fZQW/

xlm40.dropper

http://asrani.garudaputih.com/nutabalong/bJYqoUIr99qNfoPDx/

xlm40.dropper

http://db.rikaz.tech/lCx76IlkrBtEsqNFA7/zPYJzpOnzstNOiRHob/

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://bosny.com/aspnet_client/R50QIOGjmvVlr/

Targets

    • Target

      384c5f3d4fea18e5f3be020f8632251a28dc0a0cb8c41153c9549b440dfcdbca.xls

    • Size

      91KB

    • MD5

      d153b1efaad62c37c34d5cc4fc89f7d0

    • SHA1

      ba551c3ebc3beba4cf17de570bbd532ae7810820

    • SHA256

      384c5f3d4fea18e5f3be020f8632251a28dc0a0cb8c41153c9549b440dfcdbca

    • SHA512

      3a96f41f879025d49ffd26961a61e7b21f3dbc0522da40604295d214387d2d7af566437d12b36fa19947285abad6cd83a796c0f5367147e8a9fa5dee1b16f566

    • SSDEEP

      1536:wKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgGbCXuZH4gb4CEn9J4Z/Cs9o2:wKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgu

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v6

Tasks