General

  • Target

    3f2a201aadd78da8651b5f95aab4bc87a71ed8dcfb5b5f182e2d093cbd3c9695.xls

  • Size

    91KB

  • Sample

    221110-nyqttshee9

  • MD5

    27f80230d6e4b0c7538c70da45c584f2

  • SHA1

    c35178f026fca45a8d5261e8791099c7cf4931ac

  • SHA256

    3f2a201aadd78da8651b5f95aab4bc87a71ed8dcfb5b5f182e2d093cbd3c9695

  • SHA512

    43be98fc20d2bc4fb9209791836fef0846b79923db48d93ace5e1cd5ca6a867916b59894eecdb3d8add7abb9bf834e17b8084b014199a8e7725049bee42b7efd

  • SSDEEP

    1536:eKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgqbCXuZH4gb4CEn9J4Z3z3:eKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgG

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs (next-stage download locations used by the Excel 4.0 macro)

    https://www.conceptagency.net/css/b8eaKN/
    https://bencevendeghaz.hu/2zjoi/cwfKJOzA/
    http://45.32.114.141/xilte/Uqm6Eysf3Hkjwh/
    http://ruitaiwz.com/wp-admin/MXlp5IsUKwT1k0DtzT/
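The `xlm4.0` language tag means the dropper is an Excel 4.0 (XLM) macro: it lives in a macro sheet inside the legacy BIFF8 `Workbook` stream, not in a VBA project, and such droppers usually keep that sheet hidden or "very hidden" and fire through a built-in `Auto_Open` defined name. The following triage script is an added example, not part of this report or of the sandbox's own tooling. It parses BIFF8 `BoundSheet8` and `Lbl` records from a `Workbook` stream and flags those two markers; it assumes the caller has already pulled the `Workbook` stream out of the OLE2 container (for example with olefile) and runs here on a constructed stream built in the block.

```python
import struct

# BIFF8 record types used here (MS-XLS)
BOF = 0x0809
EOF = 0x000A
BOUNDSHEET = 0x0085   # BoundSheet8: one per sheet, carries sheet type and visibility
LBL = 0x0018          # Lbl: a defined name; built-in code 0x01 is Auto_Open

SHEET_TYPES = {0x00: "worksheet", 0x01: "macro sheet (Excel 4.0 XLM)", 0x02: "chart", 0x06: "VBA module"}
VISIBILITY = {0: "visible", 1: "hidden", 2: "very hidden"}
BUILTIN_NAMES = {0x01: "Auto_Open", 0x02: "Auto_Close", 0x0A: "Auto_Activate", 0x0B: "Auto_Deactivate"}


def iter_records(stream):
    """Yield (type, payload) for every BIFF record. Each sheet substream ends with its own
    EOF record, so EOF is not treated as the end of the stream."""
    off = 0
    while off + 4 <= len(stream):
        rtype, rlen = struct.unpack_from("<HH", stream, off)
        yield rtype, stream[off + 4: off + 4 + rlen]
        off += 4 + rlen


def read_xl_string(buf, off, cch):
    """Body of an XLUnicodeString: one flag byte (bit 0 set = UTF-16LE), then cch characters."""
    high_byte = buf[off] & 0x01
    off += 1
    raw = buf[off: off + (2 * cch if high_byte else cch)]
    return raw.decode("utf-16-le" if high_byte else "latin-1")


def parse_boundsheet(data):
    # lbPlyPos (4 bytes), then 2 flag bytes: low 2 bits = hsState, high byte = sheet type (dt)
    _pos, flags = struct.unpack_from("<IH", data, 0)
    return {
        "name": read_xl_string(data, 7, data[6]),   # byte 6 = cch, string body starts at 7
        "type": SHEET_TYPES.get(flags >> 8, "unknown(0x%02x)" % (flags >> 8)),
        "visibility": VISIBILITY.get(flags & 0x03, "reserved"),
    }


def parse_lbl(data):
    # flags (2) chKey (1) cch (1) cce (2) reserved (2) itab (2) reserved (4) = 14 bytes, then Name
    flags = struct.unpack_from("<H", data, 0)[0]
    cch = data[3]
    name = read_xl_string(data, 14, cch)
    builtin = bool(flags & 0x20)          # fBuiltin: name is a one-byte built-in code
    if builtin and cch == 1:
        name = BUILTIN_NAMES.get(ord(name), "builtin(0x%02x)" % ord(name))
    return {"name": name, "hidden": bool(flags & 0x01), "builtin": builtin}


def scan_workbook_stream(stream):
    """Return sheets, defined names and human-readable findings for a Workbook stream."""
    report = {"sheets": [], "names": [], "findings": []}
    for rtype, data in iter_records(stream):
        if rtype == BOUNDSHEET:
            sheet = parse_boundsheet(data)
            report["sheets"].append(sheet)
            if sheet["type"].startswith("macro sheet") and sheet["visibility"] != "visible":
                report["findings"].append("%s macro sheet %r" % (sheet["visibility"], sheet["name"]))
        elif rtype == LBL:
            name = parse_lbl(data)
            report["names"].append(name)
            if name["builtin"] and name["name"].startswith("Auto_"):
                report["findings"].append("%sauto-exec name %s" % ("hidden " if name["hidden"] else "", name["name"]))
    return report


# --- constructed sample stream (assumption: not taken from the analysed .xls) ---
def _rec(rtype, payload):
    return struct.pack("<HH", rtype, len(payload)) + payload


def _boundsheet(name, sheet_type, hs_state):
    nb = name.encode("latin-1")
    return _rec(BOUNDSHEET, struct.pack("<IH", 0, hs_state | (sheet_type << 8)) + bytes([len(nb), 0]) + nb)


def _lbl_builtin(code, hidden):
    flags = 0x20 | (0x01 if hidden else 0)
    header = struct.pack("<HBBHHHBBBB", flags, 0, 1, 0, 0, 0, 0, 0, 0, 0)   # cch = 1
    return _rec(LBL, header + bytes([0, code]))


SAMPLE_STREAM = (
    _rec(BOF, b"\x00" * 16)
    + _boundsheet("Sheet1", 0x00, 0)        # ordinary visible worksheet
    + _boundsheet("Macro1", 0x01, 2)        # very hidden Excel 4.0 macro sheet
    + _lbl_builtin(0x01, hidden=True)       # hidden built-in Auto_Open
    + _rec(EOF, b"")
)

if __name__ == "__main__":
    for line in scan_workbook_stream(SAMPLE_STREAM)["findings"]:
        print(line)
```

A clean workbook yields no findings; a macro sheet that is merely present but visible is reported in `sheets` and left out of `findings`, so the output is specifically the hiding-plus-auto-exec pattern rather than any use of XLM.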

Targets

    • Target

      3f2a201aadd78da8651b5f95aab4bc87a71ed8dcfb5b5f182e2d093cbd3c9695.xls (91KB; hashes as listed under General)

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro; here the parent is Excel executing the XLM 4.0 macro from the .xls.

    • Downloads MZ/PE file

      The macro retrieves an executable over the network, consistent with the xlm40.dropper URLs extracted above.

    • Loads dropped DLL

      The downloaded PE file is a DLL that is then loaded into a process.

    • Adds Run key to start application

      Persistence is established through a Run registry key.
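The four signatures above form a chain an analyst can correlate from endpoint telemetry: an Office process spawning a child, that child contacting one of the extracted dropper hosts, a file beginning with the MZ header being written, that file being loaded, and a Run key being set. The block below is an added example of that correlation logic and is not part of this report or the sandbox's code. It runs over constructed Sysmon-like events (event ids 1, 3, 7, 11, 13 as in Sysmon, but the records are made up here, the child image name is illustrative since the report does not name it, and the `head` field holding the first bytes of a created file is an assumed addition: Sysmon itself does not record file content).

```python
import re

OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe"}
RUN_KEY = re.compile(r"\\CurrentVersion\\Run\\", re.IGNORECASE)
# Hosts of the xlm40.dropper URLs extracted in this report
DROPPER_HOSTS = {"www.conceptagency.net", "bencevendeghaz.hu", "45.32.114.141", "ruitaiwz.com"}


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def office_descendants(events):
    """pids spawned, directly or transitively, by an Office application (events in time order)."""
    suspects = set()
    for ev in events:
        if ev["id"] == 1 and (basename(ev["parent_image"]) in OFFICE_PARENTS or ev["ppid"] in suspects):
            suspects.add(ev["pid"])
    return suspects


def triage(events):
    """Return (rule, pid, detail) findings mirroring the sandbox signatures."""
    suspects = office_descendants(events)
    dropped = set()
    findings = []
    for ev in events:
        if ev["id"] == 1 and ev["pid"] in suspects:
            findings.append(("office_child_process", ev["pid"], basename(ev["image"])))
        elif ev["id"] == 3 and ev["pid"] in suspects and ev["dest"] in DROPPER_HOSTS:
            findings.append(("dropper_host_contact", ev["pid"], ev["dest"]))
        elif ev["id"] == 11 and ev["pid"] in suspects and ev["head"][:2] == b"MZ":
            dropped.add(ev["path"].lower())            # "Downloads MZ/PE file"
            findings.append(("pe_file_dropped", ev["pid"], ev["path"]))
        elif ev["id"] == 7 and ev["path"].lower() in dropped:
            findings.append(("dropped_dll_loaded", ev["pid"], ev["path"]))   # "Loads dropped DLL"
        elif ev["id"] == 13 and ev["pid"] in suspects and RUN_KEY.search(ev["key"]):
            findings.append(("run_key_persistence", ev["pid"], ev["key"]))  # "Adds Run key"
    return findings


def verdict(findings):
    rules = {f[0] for f in findings}
    return "malicious" if len(rules) >= 3 else ("suspicious" if rules else "clean")


# --- constructed events (assumption: illustrative, not captured from this sample) ---
EXCEL = r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"
CHILD = r"C:\Users\user\AppData\Local\Temp\dropper_child.exe"   # illustrative child image
DLL = r"C:\Users\user\AppData\Local\Temp\payload.dll"

EVENTS = [
    {"id": 1, "pid": 4100, "ppid": 3300, "image": EXCEL, "parent_image": r"C:\Windows\explorer.exe"},
    {"id": 1, "pid": 4120, "ppid": 4100, "image": CHILD, "parent_image": EXCEL},
    {"id": 3, "pid": 4120, "dest": "45.32.114.141"},
    {"id": 11, "pid": 4120, "path": DLL, "head": b"MZ\x90\x00"},
    {"id": 7, "pid": 4120, "path": DLL},
    {"id": 13, "pid": 4120, "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\payload"},
    {"id": 1, "pid": 5000, "ppid": 3300, "image": r"C:\Windows\System32\notepad.exe",
     "parent_image": r"C:\Windows\explorer.exe"},   # benign, must not be flagged
]

if __name__ == "__main__":
    for rule, pid, detail in triage(EVENTS):
        print(rule, pid, detail)
    print(verdict(triage(EVENTS)))
```

The rules are deliberately scoped to the Office process tree: a Run key written by an unrelated process or a PE dropped by a browser is not counted, which keeps the chain specific to the macro-dropper behaviour this report describes.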
