General

  • Target

    7b6154d48913c9bb828c9b5823a96267f8bfb2a70fe05039770adf046ef0c7d5.xls

  • Size

    91KB

  • Sample

    221110-lgyf8saeen

  • MD5

    a3a5b4f617c464d4715854f97f68cb7d

  • SHA1

    75b59ec5182b2e2bb8446ff46cebb44b43293857

  • SHA256

    7b6154d48913c9bb828c9b5823a96267f8bfb2a70fe05039770adf046ef0c7d5

  • SHA512

    2c9d621cedcdbb0818bb09686a7eb04637f3c6261e1ad1627f2e6ea3acb28aa08dea8aa84c0d4f4ae6b6947f5b29dbc0c4625248a79863462b027e4e1a9b8aba

  • SSDEEP

    1536:wKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgGbCXuZH4gb4CEn9J4Z/Cs9o2:wKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgu

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    https://bosny.com/aspnet_client/R50QIOGjmvVlr/
    http://navylin.com/autopoisonous/4fZQW/
    http://asrani.garudaputih.com/nutabalong/bJYqoUIr99qNfoPDx/
    http://db.rikaz.tech/lCx76IlkrBtEsqNFA7/zPYJzpOnzstNOiRHob/

Targets

    • Target

      7b6154d48913c9bb828c9b5823a96267f8bfb2a70fe05039770adf046ef0c7d5.xls
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
