f5a313c5353ae0d1cede7bd5e234bfd3a4d7abb5e877bd2903d8d7572e9ee4d6 | Triage

Sharing

General

Target

f5a313c5353ae0d1cede7bd5e234bfd3a4d7abb5e877bd2903d8d7572e9ee4d6.xls
Size

235KB
Sample

230419-md6h4shh58
MD5

2654fdca7197f542cbd0be823a2a2a9f
SHA1

149b43a5f8f4d9bd63720b408f6c4e2a86401c6a
SHA256

f5a313c5353ae0d1cede7bd5e234bfd3a4d7abb5e877bd2903d8d7572e9ee4d6
SHA512

1534994b08b95c1a9879afba6a857817146b3aaa06484a65ff89f418b5ca31fa7ffbc2076efdface8f0036f5e3a7f98e95fe0120df3bfe2c2b06ea8e3b96bcaf
SSDEEP

6144:cKpb8rGYrMPe3q7Q0XV5xtuEsi8/dgq9jWXcZZRBTq1BOzTwvOsPDslAvS32vI7p:09jVzTmszTwvTDy33LvfP1OWr

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://ohemaa.org/HUVm9mDKLW9C/ocrafhh.html

xlm40.dropper

https://madieandme.com.au/xnkpOLnvlN6T/ocrafh.html

xlm40.dropper

https://amerident.com.do/xdOMlaB0XJ7/ocraf.html

Targets

- Target
  
  f5a313c5353ae0d1cede7bd5e234bfd3a4d7abb5e877bd2903d8d7572e9ee4d6.xls
- Size
  
  235KB
- MD5
  
  2654fdca7197f542cbd0be823a2a2a9f
- SHA1
  
  149b43a5f8f4d9bd63720b408f6c4e2a86401c6a
- SHA256
  
  f5a313c5353ae0d1cede7bd5e234bfd3a4d7abb5e877bd2903d8d7572e9ee4d6
- SHA512
  
  1534994b08b95c1a9879afba6a857817146b3aaa06484a65ff89f418b5ca31fa7ffbc2076efdface8f0036f5e3a7f98e95fe0120df3bfe2c2b06ea8e3b96bcaf
- SSDEEP
  
  6144:cKpb8rGYrMPe3q7Q0XV5xtuEsi8/dgq9jWXcZZRBTq1BOzTwvOsPDslAvS32vI7p:09jVzTmszTwvTDy33LvfP1OWr
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2