General

  • Target

    cd323e0fcb0c3cc1044fdc56be11f2d6ec4aaac59bd4ef28317463d9bc485207.xls

  • Size

    91KB

  • Sample

    221110-nv8v8sbdgn

  • MD5

    f7d3e1541cd958d2e2549672abc1b584

  • SHA1

    8129e0271d07f5852546d4e6b7bf1798962d5271

  • SHA256

    cd323e0fcb0c3cc1044fdc56be11f2d6ec4aaac59bd4ef28317463d9bc485207

  • SHA512

    cd73fab6989eebf569f31b3b12e7db4d1de30446c534a43c2a8c2f647ee3120616d805331aedad2e79257bf18a646f38b99bcee40471ca03c2937ea0164f8ac2

  • SSDEEP

    1536:eKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgqbCXuZH4gb4CEn9J4ZXz3:eKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgu

Score
10/10

Malware Config

Extracted

Language: xlm4.0
Source
URLs

  • xlm40.dropper: https://www.conceptagency.net/css/b8eaKN/

  • xlm40.dropper: https://bencevendeghaz.hu/2zjoi/cwfKJOzA/

  • xlm40.dropper: http://45.32.114.141/xilte/Uqm6Eysf3Hkjwh/

  • xlm40.dropper: http://ruitaiwz.com/wp-admin/MXlp5IsUKwT1k0DtzT/

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
