General
-
Target
EXCELntDonut_C#.xlsm
-
Size
166KB
-
Sample
230724-hk2fhsah57
-
MD5
6e395d5f298ca0268e4f43b7837195d5
-
SHA1
9f106e7846e4af5d5a460217d6f176e1ac1013fe
-
SHA256
e040040b65422449f0a09632d479d61af870f5568c56a6d61d7ceeb28b41a1c5
-
SHA512
6bf223132a4c8647f8e9769c62e8c045d849250e00a22f21b8bab08294b36c6690857c8fae2defb0f79cfd1e2eb8643ba9d93424cf89d55ec44fd5d90d0f0277
-
SSDEEP
3072:WojFkkaj7+OyONOdjSps+j3NUVGfzXPrNW3gnIiQjGuHmkUWBYofGUh:pRk7j7+3OEdey+jdTbXDNW3gnOmkUWBD
Malware Config
Extracted
Extracted
metasploit
windows/shell_reverse_tcp
192.168.1.6:1234
Targets
-
-
Target
EXCELntDonut_C#.xlsm
-
Size
166KB
-
MD5
6e395d5f298ca0268e4f43b7837195d5
-
SHA1
9f106e7846e4af5d5a460217d6f176e1ac1013fe
-
SHA256
e040040b65422449f0a09632d479d61af870f5568c56a6d61d7ceeb28b41a1c5
-
SHA512
6bf223132a4c8647f8e9769c62e8c045d849250e00a22f21b8bab08294b36c6690857c8fae2defb0f79cfd1e2eb8643ba9d93424cf89d55ec44fd5d90d0f0277
-
SSDEEP
3072:WojFkkaj7+OyONOdjSps+j3NUVGfzXPrNW3gnIiQjGuHmkUWBYofGUh:pRk7j7+3OEdey+jdTbXDNW3gnOmkUWBD
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-