General

  • Target

    a0d5e6163359829b27414a2f10e528a6f40f9953f3f23406d444f692660b7d91

  • Size

    80KB

  • Sample

    241119-wt8svazgjm

  • MD5

    886cf218c603922b1782fa6326caea26

  • SHA1

    1f37de817ffe191444948451be0a09ed43cdf830

  • SHA256

    a0d5e6163359829b27414a2f10e528a6f40f9953f3f23406d444f692660b7d91

  • SHA512

    7446bae844bea4d8070be320812c374b7b29027705a866c4cea70b5edd920506855b24633efd5d9019ba5b94db34e19604ded67e6a3ef325a73344d704af62f8

  • SSDEEP

    1536:ROOKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgFQHuS4VcTO9/r7UYdEJeFO:RBKpb8rGYrMPe3q7Q0XV5xtezEsi8/dz

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    http://beeslandkerman.ir/XPFvBDrNkT/lUkOx4VAOizId7u/

    http://cerdi.com/_derived/J4Fu7VmGZQ7rGA/

    https://www.chasingmavericks.co.ke/agendaafrikadebates.co.ke/QznOFMKV9R/

    http://bsbmakina.com.tr/logo/eVWaAWm/

Targets

    • Target

      a0d5e6163359829b27414a2f10e528a6f40f9953f3f23406d444f692660b7d91

    • Size

      80KB

    • MD5

      886cf218c603922b1782fa6326caea26

    • SHA1

      1f37de817ffe191444948451be0a09ed43cdf830

    • SHA256

      a0d5e6163359829b27414a2f10e528a6f40f9953f3f23406d444f692660b7d91

    • SHA512

      7446bae844bea4d8070be320812c374b7b29027705a866c4cea70b5edd920506855b24633efd5d9019ba5b94db34e19604ded67e6a3ef325a73344d704af62f8

    • SSDEEP

      1536:ROOKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgFQHuS4VcTO9/r7UYdEJeFO:RBKpb8rGYrMPe3q7Q0XV5xtezEsi8/dz

    • Score

      10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v15

Tasks