General

  • Target

    c9fdbf09b47471e1f321732b14398d300322fa291fbc61875acd4306fcefa51c.xls

  • Size

    91KB

  • Sample

    221110-nzhvlshef5

  • MD5

    6fc293646ad89d5660afd27994f2a933

  • SHA1

    e0e00aa412b5b5b29b94c11e476405694961845e

  • SHA256

    c9fdbf09b47471e1f321732b14398d300322fa291fbc61875acd4306fcefa51c

  • SHA512

    7e2f168677229c612aef0fe9e6ef9c73847e28b1231602cc1210d2e51540ec5f48429affbce4dae44dc2295b64715025e7fd66d9df070be86e591d2372642d62

  • SSDEEP

    1536:eKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgqbCXuZH4gb4CEn9J4ZXz3:eKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgm

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://www.conceptagency.net/css/b8eaKN/

xlm40.dropper

https://bencevendeghaz.hu/2zjoi/cwfKJOzA/

xlm40.dropper

http://45.32.114.141/xilte/Uqm6Eysf3Hkjwh/

xlm40.dropper

http://ruitaiwz.com/wp-admin/MXlp5IsUKwT1k0DtzT/

Targets

    • Target

      c9fdbf09b47471e1f321732b14398d300322fa291fbc61875acd4306fcefa51c.xls

    • Size

      91KB

    • MD5

      6fc293646ad89d5660afd27994f2a933

    • SHA1

      e0e00aa412b5b5b29b94c11e476405694961845e

    • SHA256

      c9fdbf09b47471e1f321732b14398d300322fa291fbc61875acd4306fcefa51c

    • SHA512

      7e2f168677229c612aef0fe9e6ef9c73847e28b1231602cc1210d2e51540ec5f48429affbce4dae44dc2295b64715025e7fd66d9df070be86e591d2372642d62

    • SSDEEP

      1536:eKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgqbCXuZH4gb4CEn9J4ZXz3:eKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgm

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v6

Tasks