General

  • Target

    9a1c7c5cb1c01308e9fd5b61e754f338ec6bf654efab0f96f970e4858c58c7b4.xls

  • Size

    91KB

  • Sample

    221110-m72f9abbfn

  • MD5

    ea2ac94090b18e4293971b271fe2b367

  • SHA1

    576180f413a60f80886364f9c48a5482514cc4b8

  • SHA256

    9a1c7c5cb1c01308e9fd5b61e754f338ec6bf654efab0f96f970e4858c58c7b4

  • SHA512

    c96bd096623b941f1a49bd27c5b9a9ecd69781251a5359d7a59b1d10fc000156855a96500b478d850208576b0c0ea1dec3b693c7d7ff547d0924221212975789

  • SSDEEP

    1536:wKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgGbCXuZH4gb4CEn9J4Z/Cs9o2:wKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgG

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    https://bosny.com/aspnet_client/R50QIOGjmvVlr/

    http://navylin.com/autopoisonous/4fZQW/

    http://asrani.garudaputih.com/nutabalong/bJYqoUIr99qNfoPDx/

    http://db.rikaz.tech/lCx76IlkrBtEsqNFA7/zPYJzpOnzstNOiRHob/

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v6

Tasks