General

  • Target

    fd677b62ee20fe7313d3ba6fea65ec5a_JaffaCakes118

  • Size

    35KB

  • Sample

    240928-31zl3svcld

  • MD5

    fd677b62ee20fe7313d3ba6fea65ec5a

  • SHA1

    8d846c934c3a424201c37c3a2cd3e5dfae88c0a8

  • SHA256

    7ad4f317592fa8c049fb35cea9b057beb6dff45012810cc02cd0967cecbcc5df

  • SHA512

    d71c131f024904f042624657d4a04a439ac1d6a597d55c46634a22a06067c4dc201524ae1727cce35d644fe99f458cf22353f1368061c88e8ae0adaa9147c8df

  • SSDEEP

    768:KdvxHlcaQPy0iWYOcG4BDhnxD7oOE0ek3hOdsylKlgryzc4bNhZFGzE+cL2knAJS:KdvxHlcaQPy0iWYOcG4BDhnxD7oOEdk7

Score
10/10

Malware Config

Extracted

Language: xlm4.0

Source          URLs
xlm40.dropper   http://www.galerija-robin.si/server.php
xlm40.dropper   http://www.miskantus.si/server.php

Targets

    • Target

      fd677b62ee20fe7313d3ba6fea65ec5a_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself
