ed87b60d77096d0eab29e895bfe5f092503535dd3ec56d96dc16948a67dc5cc5 | Triage

Sharing

General

Target

ed87b60d77096d0eab29e895bfe5f092503535dd3ec56d96dc16948a67dc5cc5.xlsx
Size

217KB
Sample

230211-ctltjaea72
MD5

cb5a66c49fdb3439090161e6cb0dc0a8
SHA1

a2ae194d202a1eb0cce7952f9c18d7c0ce01baf8
SHA256

ed87b60d77096d0eab29e895bfe5f092503535dd3ec56d96dc16948a67dc5cc5
SHA512

977f14ec194c215f9f6a0c8995bfa08216c66b87b6e99f2cf8fc6af4b83b0d83902709650dd259dbde28c232913044f14937d18889a2ea1a54cca0a2ac9b1067
SSDEEP

6144:HKpb8rGYrMPe3q7Q0XV5xtuEsi8/dgByY+TAQXTHGUMEyP5p6f5jQmH:BbGUMVWlbH

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://ftp.agir-santeinternationale.com/doctors/KAacngW97n4ApzVBDdGy/

xlm40.dropper

http://www.vinyz.com/admin3693/BDFFgAZ6zBRumcUSG/

xlm40.dropper

http://ly.yjlianyi.top/wp-admin/NRAdJ/

xlm40.dropper

http://www.muyehuayi.com/cmp/Vtm2m7z88g/

Targets

- Target
  
  ed87b60d77096d0eab29e895bfe5f092503535dd3ec56d96dc16948a67dc5cc5.xlsx
- Size
  
  217KB
- MD5
  
  cb5a66c49fdb3439090161e6cb0dc0a8
- SHA1
  
  a2ae194d202a1eb0cce7952f9c18d7c0ce01baf8
- SHA256
  
  ed87b60d77096d0eab29e895bfe5f092503535dd3ec56d96dc16948a67dc5cc5
- SHA512
  
  977f14ec194c215f9f6a0c8995bfa08216c66b87b6e99f2cf8fc6af4b83b0d83902709650dd259dbde28c232913044f14937d18889a2ea1a54cca0a2ac9b1067
- SSDEEP
  
  6144:HKpb8rGYrMPe3q7Q0XV5xtuEsi8/dgByY+TAQXTHGUMEyP5p6f5jQmH:BbGUMVWlbH
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2