General

  • Target

    f38426dd2a1d47865f9bb888a67667bd2ba14067c3fd5ef0616b8af6ebced1af.xls

  • Size

    91KB

  • Sample

    221110-ns7kdshec5

  • MD5

    b3be57e741ac21b77dec7c9b226f0dde

  • SHA1

    11a4d95185fb3fd105816e4a167524596515c484

  • SHA256

    f38426dd2a1d47865f9bb888a67667bd2ba14067c3fd5ef0616b8af6ebced1af

  • SHA512

    312c33d05490490810b6f8481ed487dfc91e68854fd84d70d73ab3c4554abac3cac9f56deb7684c20f87bd5f86b6ba4614ac4b04d45adad566b186de2f555a13

  • SSDEEP

    1536:wKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgGbCXuZH4gb4CEn9J4Z/Cs9o2:wKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgu

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://bosny.com/aspnet_client/R50QIOGjmvVlr/

xlm40.dropper

http://navylin.com/autopoisonous/4fZQW/

xlm40.dropper

http://asrani.garudaputih.com/nutabalong/bJYqoUIr99qNfoPDx/

xlm40.dropper

http://db.rikaz.tech/lCx76IlkrBtEsqNFA7/zPYJzpOnzstNOiRHob/

Targets

    • Target

      f38426dd2a1d47865f9bb888a67667bd2ba14067c3fd5ef0616b8af6ebced1af.xls

    • Size

      91KB

    • MD5

      b3be57e741ac21b77dec7c9b226f0dde

    • SHA1

      11a4d95185fb3fd105816e4a167524596515c484

    • SHA256

      f38426dd2a1d47865f9bb888a67667bd2ba14067c3fd5ef0616b8af6ebced1af

    • SHA512

      312c33d05490490810b6f8481ed487dfc91e68854fd84d70d73ab3c4554abac3cac9f56deb7684c20f87bd5f86b6ba4614ac4b04d45adad566b186de2f555a13

    • SSDEEP

      1536:wKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgGbCXuZH4gb4CEn9J4Z/Cs9o2:wKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgu

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v6

Tasks