General

  • Target

    967203605fb41bcb4a649e0b37bed8aef6d12bf6ff13504546da5266c9862a55

  • Size

    96KB

  • Sample

    241119-xvaswazgpg

  • MD5

    ac089a2974424a3a704a53c6cbbfa13a

  • SHA1

    c2fd5afcc0ac1a6435a2c8330ddfe4a58141f712

  • SHA256

    967203605fb41bcb4a649e0b37bed8aef6d12bf6ff13504546da5266c9862a55

  • SHA512

    6776793efe517b24e737879a5389fbf664abcbe637e019720ebe3531e11b760ca610058acc5c7f838f66d879f4aae318b68b8284cd58ae3e6ad7440f4b1a76e6

  • SSDEEP

    1536:WkKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgEHuS4hcTO97v7UYdEJm27:JKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgo

Score
10/10

Malware Config

Extracted

Language
xlm4.0 (Excel 4.0 / XLM macro sheet)

Source           URL
xlm40.dropper    https://bpsjambi.id/about/CcN5IbuInPQ/
xlm40.dropper    https://greenlizard.co.za/amanah/pu8xeUOpqqq/
xlm40.dropper    https://akuntansi.itny.ac.id/asset/NH7qwRrn81Taa0VVqpx/
xlm40.dropper    https://www.yell.ge/nav_logo/x960wo3PHaIUm/

Targets

    • Target

      967203605fb41bcb4a649e0b37bed8aef6d12bf6ff13504546da5266c9862a55

      (96KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
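The two actionable parts of this report are the four xlm40.dropper URLs in the Malware Config and the "unexpected child process" behaviour flagged above. The script below is an added example, not part of the sandbox report or its tooling: it turns the report's URLs into defanged hunt indicators, matches them against proxy log lines, and applies the child-process check to process-creation events. The proxy lines, the process events, the Office parent list and the suspicious-child list are all constructed assumptions for illustration; the report itself does not name the parent process, so treating Excel as the parent of an XLM 4.0 macro is an inference, not something the page states.

```python
"""
Added example: hunt indicators and a detection check derived from the report's
Malware Config (xlm40.dropper URLs) and its "unexpected child process" signature.
Everything except the four URLs is a constructed assumption.
"""
from urllib.parse import urlsplit

# URLs copied from the report's Malware Config section.
DROPPER_URLS = [
    "https://bpsjambi.id/about/CcN5IbuInPQ/",
    "https://greenlizard.co.za/amanah/pu8xeUOpqqq/",
    "https://akuntansi.itny.ac.id/asset/NH7qwRrn81Taa0VVqpx/",
    "https://www.yell.ge/nav_logo/x960wo3PHaIUm/",
]

# Assumption: Office binaries whose child processes we scrutinise.
OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe"}
# Assumption: children an Office process should not spawn during normal document use.
SUSPICIOUS_CHILDREN = {
    "cmd.exe", "powershell.exe", "regsvr32.exe", "rundll32.exe",
    "mshta.exe", "wscript.exe", "cscript.exe", "certutil.exe",
}


def defang(url: str) -> str:
    """Render an indicator so it cannot be clicked: hxxps://host[.]tld/path."""
    parts = urlsplit(url)
    host = parts.hostname.replace(".", "[.]")
    return f"{parts.scheme.replace('http', 'hxxp')}://{host}{parts.path}"


def indicator_set(urls):
    """Return (hosts, exact_urls) suitable for a DNS/proxy block list and a hunt query."""
    hosts = {urlsplit(u).hostname.lower() for u in urls}
    return hosts, set(urls)


def match_proxy_log(lines, urls):
    """Return (timestamp, client, url, match_kind) for proxy lines touching a dropper host.

    Constructed line format: "<timestamp> <client_ip> <url>". A hit on the exact
    URL is reported as "exact"; any other request to the same host as "host",
    since the path component of these droppers rotates frequently.
    """
    hosts, exact = indicator_set(urls)
    hits = []
    for line in lines:
        ts, client, url = line.split()
        host = urlsplit(url).hostname
        if host and host.lower() in hosts:
            hits.append((ts, client, url, "exact" if url in exact else "host"))
    return hits


def unexpected_office_children(events):
    """Flag Sysmon EID 1-style events where an Office parent spawns a suspicious child."""
    alerts = []
    for ev in events:
        parent = ev["parent_image"].rsplit("\\", 1)[-1].lower()
        child = ev["image"].rsplit("\\", 1)[-1].lower()
        if parent in OFFICE_PARENTS and child in SUSPICIOUS_CHILDREN:
            alerts.append((parent, child, ev["command_line"]))
    return alerts


# Constructed sample proxy lines: one benign, one exact dropper hit, one same-host hit.
SAMPLE_PROXY = [
    "2024-11-19T10:02:11Z 10.0.0.15 https://www.example.com/index.html",
    "2024-11-19T10:02:13Z 10.0.0.15 https://greenlizard.co.za/amanah/pu8xeUOpqqq/",
    "2024-11-19T10:02:14Z 10.0.0.15 https://www.yell.ge/nav_logo/other/",
]

# Constructed sample process events: a normal launch, a benign print helper, and
# the Excel-spawns-regsvr32 pattern the signature describes. Paths are illustrative.
SAMPLE_EVENTS = [
    {"parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "command_line": r'"EXCEL.EXE" C:\Users\user\Downloads\invoice.xls'},
    {"parent_image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "image": r"C:\Windows\splwow64.exe",
     "command_line": r"C:\Windows\splwow64.exe 12288"},
    {"parent_image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "image": r"C:\Windows\System32\regsvr32.exe",
     "command_line": r"regsvr32.exe /s C:\ProgramData\payload.dll"},
]


if __name__ == "__main__":
    for u in DROPPER_URLS:
        print("IOC:", defang(u))
    for hit in match_proxy_log(SAMPLE_PROXY, DROPPER_URLS):
        print("proxy hit:", hit)
    for alert in unexpected_office_children(SAMPLE_EVENTS):
        print("unexpected child:", alert)
```

Matching on host as well as exact URL matters for this class of dropper: the path segments in the config are per-campaign and change between samples, while the compromised hosts serving them tend to persist longer. The process check is deliberately narrow (named Office parents, named LOLBin children) so it can be tuned per environment; a print spooler helper like splwow64.exe under Excel is normal and is not flagged.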

MITRE ATT&CK Enterprise v15

Tasks