General

  • Target

    e9f3422eb2d2209c1f1abb4e5a78f716008655f7d8dce2fd5f7d74d5640fc989.xls

  • Size

    91KB

  • Sample

    221110-lqltssafcl

  • MD5

    c9f24d2eceb28bf2d70d87ccd427d791

  • SHA1

    7d4a6db939310d683932643ce2e5ebbd9e63b475

  • SHA256

    e9f3422eb2d2209c1f1abb4e5a78f716008655f7d8dce2fd5f7d74d5640fc989

  • SHA512

    f3897b412d488cf8ac9dab7fbaa12423cb4cf970ca01806183f0438041151b53b91dcf4bb8603892fe441e0e6888583f2d84f66d80de39eaee8e4add5c1973c9

  • SSDEEP

    1536:eKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgqbCXuZH4gb4CEn9J4ZXz3:eKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgO

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://www.conceptagency.net/css/b8eaKN/

xlm40.dropper

https://bencevendeghaz.hu/2zjoi/cwfKJOzA/

xlm40.dropper

http://45.32.114.141/xilte/Uqm6Eysf3Hkjwh/

xlm40.dropper

http://ruitaiwz.com/wp-admin/MXlp5IsUKwT1k0DtzT/

Targets

    • Target

      e9f3422eb2d2209c1f1abb4e5a78f716008655f7d8dce2fd5f7d74d5640fc989.xls

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
