General

  • Target

    7a9ca6944a360aa3073c63ed08b2f6cdecbbeffa6a4589e95c72bdfde0c3e1d8.xls

  • Size

    91KB

  • Sample

    221110-lze3lsggf4

  • MD5

    15dd6cbea93b113ceba800f48cf4fa98

  • SHA1

    4676001371bdceefaf24e45f91503c5e9f725c02

  • SHA256

    7a9ca6944a360aa3073c63ed08b2f6cdecbbeffa6a4589e95c72bdfde0c3e1d8

  • SHA512

    91492f25e4ca6223b15368db340cf7937ab4a4692ad0c10dda46b1bd3f2a1fbe3a418070b9c92dcbc6e60f845eab3a8857d1502d8971c302df6778baf340c937

  • SSDEEP

    1536:eKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgqbCXuZH4gb4CEn9J4ZXz3:eKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgm

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://www.conceptagency.net/css/b8eaKN/

xlm40.dropper

https://bencevendeghaz.hu/2zjoi/cwfKJOzA/

xlm40.dropper

http://45.32.114.141/xilte/Uqm6Eysf3Hkjwh/

xlm40.dropper

http://ruitaiwz.com/wp-admin/MXlp5IsUKwT1k0DtzT/

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
