General
-
Target
384c5f3d4fea18e5f3be020f8632251a28dc0a0cb8c41153c9549b440dfcdbca.xls
-
Size
91KB
-
Sample
221110-lf2ghagfc5
-
MD5
d153b1efaad62c37c34d5cc4fc89f7d0
-
SHA1
ba551c3ebc3beba4cf17de570bbd532ae7810820
-
SHA256
384c5f3d4fea18e5f3be020f8632251a28dc0a0cb8c41153c9549b440dfcdbca
-
SHA512
3a96f41f879025d49ffd26961a61e7b21f3dbc0522da40604295d214387d2d7af566437d12b36fa19947285abad6cd83a796c0f5367147e8a9fa5dee1b16f566
-
SSDEEP
1536:wKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgGbCXuZH4gb4CEn9J4Z/Cs9o2:wKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgu
Behavioral task
behavioral1
Sample
384c5f3d4fea18e5f3be020f8632251a28dc0a0cb8c41153c9549b440dfcdbca.xls
Resource
win10-20220812-en
Behavioral task
behavioral2
Sample
384c5f3d4fea18e5f3be020f8632251a28dc0a0cb8c41153c9549b440dfcdbca.xls
Resource
win10-20220812-en
Malware Config
Extracted
https://bosny.com/aspnet_client/R50QIOGjmvVlr/
http://navylin.com/autopoisonous/4fZQW/
http://asrani.garudaputih.com/nutabalong/bJYqoUIr99qNfoPDx/
http://db.rikaz.tech/lCx76IlkrBtEsqNFA7/zPYJzpOnzstNOiRHob/
Targets
Target
384c5f3d4fea18e5f3be020f8632251a28dc0a0cb8c41153c9549b440dfcdbca.xls
Score
10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.