General

  • Target

    332a5c831aa9fbc30fc22d8ac5941fabaa26e51dc1734b90e294cb282b3be0fa.xls

  • Size

    91KB

  • Sample

    221110-m99kmsbbhp

  • MD5

    f4882d22c16e369b1628c7ae99cc7f9e

  • SHA1

    4bfc8167a0a190d4bfa6c995a7f3887bc2f86563

  • SHA256

    332a5c831aa9fbc30fc22d8ac5941fabaa26e51dc1734b90e294cb282b3be0fa

  • SHA512

    d9eb572ad5f365579a45a9e0c978aaca6a9be94008a42ed7206900a6631bdee181ae58f1ea2613e449048492103a244617ec897baa597e97291dc5e7a864b2ba

  • SSDEEP

    1536:wKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgGbCXuZH4gb4CEn9J4Z/is9o2:wKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgm

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://bosny.com/aspnet_client/R50QIOGjmvVlr/

xlm40.dropper

http://navylin.com/autopoisonous/4fZQW/

xlm40.dropper

http://asrani.garudaputih.com/nutabalong/bJYqoUIr99qNfoPDx/

xlm40.dropper

http://db.rikaz.tech/lCx76IlkrBtEsqNFA7/zPYJzpOnzstNOiRHob/

Targets

    • Target

      332a5c831aa9fbc30fc22d8ac5941fabaa26e51dc1734b90e294cb282b3be0fa.xls

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
