General

  • Target

    595ed23465651a271ccc807e5526a4f43f09defb6c85f1c930ae4061c0498903

  • Size

    51KB

  • Sample

    241120-127mzavjc1

  • MD5

    d1bf28ef721b854cf58ed7378092bbd2

  • SHA1

    28df89fe14a0a7bd02b46cc220bc4b14e4d08541

  • SHA256

    595ed23465651a271ccc807e5526a4f43f09defb6c85f1c930ae4061c0498903

  • SHA512

    de7ade732083f5ecb695e8958d7f23ecd079c0a6627668cb2c791d4dd6663fc580c94a6e6c0b860335c01455af745a7842ad1b40465f0dfc5c3c57dec3a85277

  • SSDEEP

    1536:ORKpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+/43SaT3h86rdKRFvE:UKpb8rGYrMPe3q7Q0XV5xtezE8vG8UMt

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs (all extracted from the xlm40.dropper source)

    https://bsprabodhini.org/content/BwV8Kq1EUUT5mlon5MD/
    https://bb2play.com/wzzx/VcaXG4LsR7mOWebAI/
    http://futaba.youchien.net/wp-content/AJ0vdv/
    http://www.crazy97.com/wp-includes/VRppRwDg2dBW2NcQASF/
    http://46.4.78.202/wp-content/xOvCgoYFAIVjwy6I/
    http://britainsolicitors.com/wp-admin/2ysGFKDbYP5sJB0Xg/

Targets

    • Target

      595ed23465651a271ccc807e5526a4f43f09defb6c85f1c930ae4061c0498903

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v15

Tasks