General

  • Target

    6ab2a3bb8c89944f0d644a2c916700d0e3f862e9efde37fc4a789384c7e58db6.xls

  • Size

    91KB

  • Sample

    221110-lxb8yaggd9

  • MD5

    82fe9306449b426b0627038ddbd1c918

  • SHA1

    56c7ef0171897d5527398c70540e18351e211d25

  • SHA256

    6ab2a3bb8c89944f0d644a2c916700d0e3f862e9efde37fc4a789384c7e58db6

  • SHA512

    de2a7606863268b49ced54f08d06fac14bad888b6427de12cf80016ca04693ed48bc824f87793c33d46cbe7ab05625afb1115876d0a5641bba1beef80a1091d8

  • SSDEEP

    1536:eKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgqbCXuZH4gb4CEn9J4ZXz3:eKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgu

Score
10/10

Malware Config

Extracted

Language
xlm4.0

Source          URLs
xlm40.dropper   https://www.conceptagency.net/css/b8eaKN/
xlm40.dropper   https://bencevendeghaz.hu/2zjoi/cwfKJOzA/
xlm40.dropper   http://45.32.114.141/xilte/Uqm6Eysf3Hkjwh/
xlm40.dropper   http://ruitaiwz.com/wp-admin/MXlp5IsUKwT1k0DtzT/

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
