General

  • Target

    b6fab9a8-3dab-4bf8-a2cb-b955b0c00ce8-11f44531fb088d31307d87b01e8eabff.zip

  • Size

    106KB

  • Sample

    240910-1nslwsybpd

  • MD5

    0193d7468c45f685e0d35941048bf2d6

  • SHA1

    90299163896f31a7c0e40b39eff12af7da9f109a

  • SHA256

    da7b606e8d29bbca692fb9bc56f36003b5ea4e27e62f90848559501155c23afd

  • SHA512

    c7849a84012ec1fc13825b37ae37c15b110a08849fcbaae47da1a827538751e62d0c8a2a08603eefb632f1bae85609ba4e41b70598e14eb1cd922c5cb28012b4

  • SSDEEP

    3072:W5flEj4FRq1o03jT+s554VXuR0eUuFZIHus9A:W/Ej4FR3In554A+eUu/eA

Score
10/10

Malware Config

Extracted

Language: xlm4.0

Source           URLs
xlm40.dropper    https://nws.visionconsulting.ro/N1G1KCXA/dot.html
xlm40.dropper    https://royalpalm.sparkblue.lk/vCNhYrq3Yg8/dot.html

Targets

    • Target

      11f44531fb088d31307d87b01e8eabff/iroto.dll

    • Size

      434KB

    • MD5

      e03bde4862d4d93ac2ceed85abf50b18

    • SHA1

      7d7c288a8cf7d4e5f64d616da699712b82760303

    • SHA256

      055b9e9af987aec9ba7adb0eef947f39b516a213d663cc52a71c7f0af146a946

    • SHA512

      12e8ef09745a562567dc3d18e3be72dac09120e7756d47d23a605a82499b1ed8ff471578f0f85a35685de13c93f1ad0834a89dce5d136527f731b5e170a520f1

    • SSDEEP

      12:e9GSG2CTi/FfILQAu//6lgR0FWdzQ2VCARHUwOLe7EEe:e9GSnCTi9ALsQiQ296LG

    Score
    3/10
    • Target

      11f44531fb088d31307d87b01e8eabff/iroto1.dll

    • Size

      434KB

    • MD5

      8e6fbefcbac2a1967941fa692c82c3ca

    • SHA1

      242a7803adb19f638ef62077f1b76756f3a13a0d

    • SHA256

      e05c717b43f7e204f315eb8c298f9715791385516335acd8f20ec9e26c3e9b0b

    • SHA512

      bc6dc64fa5bc19f234e3df27f718a50f82f6f086da2cd761d81edda4cf9355b40115279ebc368a0f55cf651405e34988336f9f5c3577ce7a7433971194a7b179

    • SSDEEP

      12:e9GSG2CTi/FfILQAu//6lgR0FWdzQ2VCARHUwOLe7EEe:e9GSnCTi9ALsQiQ296LG

    Score
    3/10
    • Target

      11f44531fb088d31307d87b01e8eabff/research-1646684671.xls

    • Size

      648KB

    • MD5

      b775cd8be83696ca37b2fe00bcb40574

    • SHA1

      60c8a9fdf2b24f8fb4913d4745a8557df5ff8e07

    • SHA256

      1df68d55968bb9d2db4d0d18155188a03a442850ff543c8595166ac6987df820

    • SHA512

      5ad4da8582bec3cc545e322cad2e356f59c4bfa5fe4ca90c0e781dd0e63a7aefbcc27b4045583232e4fdccffbc2bceb832b8d8e9ec3c070cf4b6559ca3c99a72

    • SSDEEP

      6144:Hknl9oBdySAx76F6XeyTVtW/9Ny9ABnl5/PBgxOHjuM9Mn:jl5/WxIji

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v15

Tasks