General

  • Target

    dbd50065460ea33f7775f56fdc726b8971637d52cc9a799593057d420e942698

  • Size

    56KB

  • Sample

    240717-1yfeba1fkr

  • MD5

    e00d7ca498613f47549d536139382188

  • SHA1

    03513409ac2fdae92fcf14d2d488e6a15c275b37

  • SHA256

    dbd50065460ea33f7775f56fdc726b8971637d52cc9a799593057d420e942698

  • SHA512

    2dc8459af729f7f9be7e7cf9131b1c0f36f3fc5516681df0cbf55ee7825c4c14f2c1c4e3ea6c11916af85db2520e0745b5a47ed2f47010ca691e0a9e4e0b504a

  • SSDEEP

    1536:9+Kpb8rGYrMPe3q7Q0XV5xtezEsi8/dg1QvNQHQCVQk:QKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg1

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

  • URLs (xlm40.dropper)

    http://www.clubnauticocordoba.com.ar/bonus.clubnauticocordoba.com.ar/sLCbz03rYfB25/

    http://ebuysa.co.za/yt-assets/ihhwpLg/

    http://dbr.hostingsdc.pl/smiecio/19VYfhHLp/

    http://contabilidadeplenus.com.br/ebooks/dIA4V2AnYEnQL/
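The hashes and the four dropper URLs above are the actionable output of this report: the hashes let you confirm that a file you hold is the same sample, and the URLs are the stage-2 download locations to block and hunt for. The following script is an added example, not part of the report or of the sandbox's tooling. It verifies a file against the listed digests (ssdeep is omitted because it needs a third-party library), splits each URL into host and directory for blocklists, and matches candidate URLs by directory prefix; matching on the directory rather than the exact URL is an assumption, made because the payload file name under such a directory commonly varies between runs.

```python
import hashlib
from urllib.parse import urlparse

# Digests copied from the report above.
REPORT_HASHES = {
    "md5": "e00d7ca498613f47549d536139382188",
    "sha1": "03513409ac2fdae92fcf14d2d488e6a15c275b37",
    "sha256": "dbd50065460ea33f7775f56fdc726b8971637d52cc9a799593057d420e942698",
    "sha512": "2dc8459af729f7f9be7e7cf9131b1c0f36f3fc5516681df0cbf55ee7825c4c14f2c1c4e3ea6c11916af85db2520e0745b5a47ed2f47010ca691e0a9e4e0b504a",
}

# Stage-2 URLs extracted from the XLM 4.0 dropper, copied from the report.
DROPPER_URLS = [
    "http://www.clubnauticocordoba.com.ar/bonus.clubnauticocordoba.com.ar/sLCbz03rYfB25/",
    "http://ebuysa.co.za/yt-assets/ihhwpLg/",
    "http://dbr.hostingsdc.pl/smiecio/19VYfhHLp/",
    "http://contabilidadeplenus.com.br/ebooks/dIA4V2AnYEnQL/",
]


def hash_bytes(data: bytes) -> dict:
    """Compute the four digests the report lists. ssdeep is not computed:
    it needs the third-party ssdeep/pyssdeep package."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_HASHES}


def matches_report(data: bytes) -> dict:
    """Per-algorithm comparison against the report, case-insensitive on hex."""
    actual = hash_bytes(data)
    return {algo: actual[algo] == expected.lower()
            for algo, expected in REPORT_HASHES.items()}


def extract_iocs(urls) -> list:
    """Split each dropper URL into (host, directory). Hosts go to DNS/proxy
    blocklists; directories go to proxy or IDS URL rules."""
    iocs = set()
    for url in urls:
        parsed = urlparse(url)
        iocs.add((parsed.hostname.lower(), parsed.path))
    return sorted(iocs)


def is_known_dropper_url(url: str, urls=DROPPER_URLS) -> bool:
    """True when url is on a listed host under a listed directory.
    Prefix matching is an assumption (see lead-in): the payload file name
    under the directory is not fixed, so an exact-URL match would miss it."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    return any(host == ioc_host and parsed.path.startswith(ioc_dir)
               for ioc_host, ioc_dir in extract_iocs(urls))


if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as fh:
        sample = fh.read()
    for algo, ok in matches_report(sample).items():
        print(f"{algo:6} {'MATCH' if ok else 'differs'}")
    for host, directory in extract_iocs(DROPPER_URLS):
        print(f"{host}\t{directory}")
```

Run it as `python check_sample.py <file>`; a file is the reported sample only if every row prints MATCH, since a single matching digest (for example MD5 alone) is not sufficient evidence.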

Targets

    • Target

      dbd50065460ea33f7775f56fdc726b8971637d52cc9a799593057d420e942698

    • Size

      56KB

    • MD5

      e00d7ca498613f47549d536139382188

    • SHA1

      03513409ac2fdae92fcf14d2d488e6a15c275b37

    • SHA256

      dbd50065460ea33f7775f56fdc726b8971637d52cc9a799593057d420e942698

    • SHA512

      2dc8459af729f7f9be7e7cf9131b1c0f36f3fc5516681df0cbf55ee7825c4c14f2c1c4e3ea6c11916af85db2520e0745b5a47ed2f47010ca691e0a9e4e0b504a

    • SSDEEP

      1536:9+Kpb8rGYrMPe3q7Q0XV5xtezEsi8/dg1QvNQHQCVQk:QKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg1

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
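Because this sample is an Excel 4.0 (XLM) macro, the process that runs the macro and spawns the unexpected child is EXCEL.EXE, so the telemetry to hunt on is a process-creation event whose parent is Excel. The detection below is an added example, not the sandbox's signature logic. It runs over constructed Sysmon-style Event ID 1 records (field names ParentImage, Image, CommandLine are Sysmon's; the records themselves are made up and are not telemetry from this run). The set of Office parents beyond Excel and the allowlist of benign children are assumptions to tune per environment.

```python
import ntpath

# Office hosts for macro code. EXCEL.EXE is certain for an XLM 4.0 sample;
# the rest are an assumption so the rule also covers other Office droppers.
OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}

# Children Office spawns during normal use (printing and crash reporting).
# Assumption: tune this allowlist per environment; keep it short.
BENIGN_CHILDREN = {"splwow64.exe", "dw20.exe", "werfault.exe"}

# Constructed Sysmon Event ID 1 style records, not from the sandbox run.
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "Image": r"C:\Windows\System32\regsvr32.exe",
     "CommandLine": r"regsvr32.exe /s C:\Users\Public\stage2.dll"},
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "Image": r"C:\Windows\splwow64.exe",
     "CommandLine": r"C:\Windows\splwow64.exe 12288"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe"},
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c powershell -nop -w hidden -enc QQBBAEEA"},
]


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path (ntpath handles backslashes
    regardless of the host OS the detection runs on)."""
    return ntpath.basename(path).lower()


def unexpected_child(event: dict) -> bool:
    """An Office host starting anything outside the small allowlist is the
    behaviour the report's signature describes."""
    return (basename(event["ParentImage"]) in OFFICE_PARENTS
            and basename(event["Image"]) not in BENIGN_CHILDREN)


def find_unexpected_children(events) -> list:
    """Return the events that should raise an alert, in input order."""
    return [e for e in events if unexpected_child(e)]


if __name__ == "__main__":
    for hit in find_unexpected_children(SAMPLE_EVENTS):
        print(f"ALERT {basename(hit['ParentImage'])} -> {basename(hit['Image'])}: "
              f"{hit['CommandLine']}")
```

Matching on the parent rather than on a particular child name is deliberate: the child here could be regsvr32, rundll32, cmd, PowerShell or something else, and an allowlist of expected children is far shorter and more stable than a denylist of abused ones.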

MITRE ATT&CK Enterprise v15

Tasks