Overview

overview

10

Static

static

8

c1612c699a...79.xls

windows7-x64

10

c1612c699a...79.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c1612c699a0e5e718a1d066ac997e4fe7f46c283bcca15b1cd030dfd49fa9379

  • Size

    47KB

  • Sample

    241119-nrp9qavgpc

  • MD5

    3dff266b20db00aa1b2fca1f0d5b5d3a

  • SHA1

    95ee4d59c67c6f781a1f6fafb785a81a35de0378

  • SHA256

    c1612c699a0e5e718a1d066ac997e4fe7f46c283bcca15b1cd030dfd49fa9379

  • SHA512

    ce542f350d082eb76fe8347b2fb978914b3c79299a9f3bbcf1a7c2f2f0f4d3a5ac737a5d2c422eaf10e599db91bb38c6e6d6e2db02e4aa06a8baf05bc6c51a68

  • SSDEEP

    768:yDM52tfQXi8vgLZkTOHkQT51Vp6AwPdM8gQ6JOiX6DGwUk7qHDSEuRZjiBp53:y62tfQXi8vgLZkTOHkQT51Vp6AwPe8gF

Score
10/10
discoverymacroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://eleselektromekanik.com/69Iq5Pwbd0/s/
xlm40.dropper

https://demo.icn.com.np/stories/Qk/
xlm40.dropper

http://demo34.ckg.hk/service/Atk7RQfUV673M/
xlm40.dropper

https://bitmovil.mx/css/TrgyPiTXy3/
xlm40.dropper

http://dupot.cz/tvhost/DUnMUvwZOhQs/
xlm40.dropper

http://focanainternet.com.br/erros/DepAK3p1Y/

Targets

    • Target

      c1612c699a0e5e718a1d066ac997e4fe7f46c283bcca15b1cd030dfd49fa9379

    • Size

      47KB

    • MD5

      3dff266b20db00aa1b2fca1f0d5b5d3a

    • SHA1

      95ee4d59c67c6f781a1f6fafb785a81a35de0378

    • SHA256

      c1612c699a0e5e718a1d066ac997e4fe7f46c283bcca15b1cd030dfd49fa9379

    • SHA512

      ce542f350d082eb76fe8347b2fb978914b3c79299a9f3bbcf1a7c2f2f0f4d3a5ac737a5d2c422eaf10e599db91bb38c6e6d6e2db02e4aa06a8baf05bc6c51a68

    • SSDEEP

      768:yDM52tfQXi8vgLZkTOHkQT51Vp6AwPdM8gQ6JOiX6DGwUk7qHDSEuRZjiBp53:y62tfQXi8vgLZkTOHkQT51Vp6AwPe8gF

    Score
    10/10
    discovery

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks