General

  • Target

    d4d455a7b6fdeabc0eba83a4bd9a7a062c1f0c7e5714a3b18c02203afaddd499.xls

  • Size

    91KB

  • Sample

    221110-ljszjaaegm

  • MD5

    af0d4e7833a0d70113150362a5271209

  • SHA1

    6fda75dd73fd356dc922fdffa9299f164c124067

  • SHA256

    d4d455a7b6fdeabc0eba83a4bd9a7a062c1f0c7e5714a3b18c02203afaddd499

  • SHA512

    d60dd9a683c45899258e68aa1cf853e2fcc3419b782270fc13f24a9ec578787b4ec7f46544884848d341224b34dbef58925ec78126736ce9c10a198e9dfc0211

  • SSDEEP

    1536:wKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgGbCXuZH4gb4CEn9J4Z/is9o2:wKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgm

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    https://bosny.com/aspnet_client/R50QIOGjmvVlr/
    http://navylin.com/autopoisonous/4fZQW/
    http://asrani.garudaputih.com/nutabalong/bJYqoUIr99qNfoPDx/
    http://db.rikaz.tech/lCx76IlkrBtEsqNFA7/zPYJzpOnzstNOiRHob/

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
