General

  • Target

    3ba55f3dbdd241b138825476f59cbfadc2bee59b79e7d3bfc865c6bb3540c4de.xls

  • Size

    91KB

  • Sample

    221110-nw9txsbdhj

  • MD5

    74c44c03cc73a7477c272b791ad03b90

  • SHA1

    8ad6109d730f9b92355d2b6fd70cd259dc53e429

  • SHA256

    3ba55f3dbdd241b138825476f59cbfadc2bee59b79e7d3bfc865c6bb3540c4de

  • SHA512

    e3d2ce6c68abc8332f9042515f482e292ef825236745d1724b14648aaa475f46b18c5c8177a7ed84541fe5f9c1e047b453aad3a47ccdf6bc9174a3decd873653

  • SSDEEP

    1536:eKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgqbCXuZH4gb4CEn9J4ZXz3:eKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgm

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://www.conceptagency.net/css/b8eaKN/

xlm40.dropper

https://bencevendeghaz.hu/2zjoi/cwfKJOzA/

xlm40.dropper

http://45.32.114.141/xilte/Uqm6Eysf3Hkjwh/

xlm40.dropper

http://ruitaiwz.com/wp-admin/MXlp5IsUKwT1k0DtzT/

Targets

    • Target

      3ba55f3dbdd241b138825476f59cbfadc2bee59b79e7d3bfc865c6bb3540c4de.xls

    • Size

      91KB

    • MD5

      74c44c03cc73a7477c272b791ad03b90

    • SHA1

      8ad6109d730f9b92355d2b6fd70cd259dc53e429

    • SHA256

      3ba55f3dbdd241b138825476f59cbfadc2bee59b79e7d3bfc865c6bb3540c4de

    • SHA512

      e3d2ce6c68abc8332f9042515f482e292ef825236745d1724b14648aaa475f46b18c5c8177a7ed84541fe5f9c1e047b453aad3a47ccdf6bc9174a3decd873653

    • SSDEEP

      1536:eKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgqbCXuZH4gb4CEn9J4ZXz3:eKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgm

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v6

Tasks