Overview

overview

10

Static

static

8

737ca60d89...af.xls

windows7-x64

10

737ca60d89...af.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    737ca60d8916f50af77b02b335ee2f7f7f2dde08b6b024bd9fa8550f217ccbaf

  • Size

    101KB

  • Sample

    241120-1gjqeaylfj

  • MD5

    a2eb75eb47b290474a11d8bef6e656c8

  • SHA1

    db865c14732134888fd2d0f83bb9eb5b0a611dd7

  • SHA256

    737ca60d8916f50af77b02b335ee2f7f7f2dde08b6b024bd9fa8550f217ccbaf

  • SHA512

    e2492d426d9c719c818bff64d13419100cd4917feffcf9b49c47133e8cccad227e1f503d56ed699b910834e495b7213dbfe988c61e2fe01e6aa40fe6e5eb57d8

  • SSDEEP

    3072:+Kpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+MbOBzbq0f6RlD9fxW8s8Ow:+Kpb8rGYrMPe3q7Q0XV5xtuE8vG8UM+E

Score
10/10
discoverymacroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://dlfreight.com/wp-includes/zLuZdtVkoriGTaRE/
xlm40.dropper

http://hadramout21.com/jetpack-temp/KjOqTnCwBbVrz8w/
xlm40.dropper

http://groupesther.com/wp-admin/2hhcMwfOG0aRi1t/
xlm40.dropper

http://datainline.com/aspnet_client/56LwAJvy/
xlm40.dropper

http://greycoconut.com/edm/0ywf2bF/

Targets

    • Target

      737ca60d8916f50af77b02b335ee2f7f7f2dde08b6b024bd9fa8550f217ccbaf

    • Size

      101KB

    • MD5

      a2eb75eb47b290474a11d8bef6e656c8

    • SHA1

      db865c14732134888fd2d0f83bb9eb5b0a611dd7

    • SHA256

      737ca60d8916f50af77b02b335ee2f7f7f2dde08b6b024bd9fa8550f217ccbaf

    • SHA512

      e2492d426d9c719c818bff64d13419100cd4917feffcf9b49c47133e8cccad227e1f503d56ed699b910834e495b7213dbfe988c61e2fe01e6aa40fe6e5eb57d8

    • SSDEEP

      3072:+Kpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+MbOBzbq0f6RlD9fxW8s8Ow:+Kpb8rGYrMPe3q7Q0XV5xtuE8vG8UM+E

    Score
    10/10
    discovery

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks