Overview

overview

10

Static

static

8

0fa9509fc1...14.xls

windows7-x64

10

0fa9509fc1...14.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0fa9509fc1fccd23d97a9abe3547b629a55a8fbd6c7c23a4147e391cdbbf6314

  • Size

    47KB

  • Sample

    241120-1nn9gavcrp

  • MD5

    032ad62d2cf74c0b494772bc32f674a7

  • SHA1

    e4c3a61ac362f6d73d539c153bce00277d2c9471

  • SHA256

    0fa9509fc1fccd23d97a9abe3547b629a55a8fbd6c7c23a4147e391cdbbf6314

  • SHA512

    f1e220815a09edbf26bbeef1f545e9bde9e3b61945662d71e2a86b1ab0f6d7b14987dcfe95aff5956d05655e612feed8d4a7d877ac1fbc364883afe04d791b85

  • SSDEEP

    768:yDM52tfQXi8vgLZkTOHkQT51Vp6AwPdM8gQ6JOiX6DGwUk7qHDSEuRZjiBp5n:y62tfQXi8vgLZkTOHkQT51Vp6AwPe8g1

Score
10/10
discoverymacroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://eleselektromekanik.com/69Iq5Pwbd0/s/
xlm40.dropper

https://demo.icn.com.np/stories/Qk/
xlm40.dropper

http://demo34.ckg.hk/service/Atk7RQfUV673M/
xlm40.dropper

https://bitmovil.mx/css/TrgyPiTXy3/
xlm40.dropper

http://dupot.cz/tvhost/DUnMUvwZOhQs/
xlm40.dropper

http://focanainternet.com.br/erros/DepAK3p1Y/

Targets

    • Target

      0fa9509fc1fccd23d97a9abe3547b629a55a8fbd6c7c23a4147e391cdbbf6314

    • Size

      47KB

    • MD5

      032ad62d2cf74c0b494772bc32f674a7

    • SHA1

      e4c3a61ac362f6d73d539c153bce00277d2c9471

    • SHA256

      0fa9509fc1fccd23d97a9abe3547b629a55a8fbd6c7c23a4147e391cdbbf6314

    • SHA512

      f1e220815a09edbf26bbeef1f545e9bde9e3b61945662d71e2a86b1ab0f6d7b14987dcfe95aff5956d05655e612feed8d4a7d877ac1fbc364883afe04d791b85

    • SSDEEP

      768:yDM52tfQXi8vgLZkTOHkQT51Vp6AwPdM8gQ6JOiX6DGwUk7qHDSEuRZjiBp5n:y62tfQXi8vgLZkTOHkQT51Vp6AwPe8g1

    Score
    10/10
    discovery

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks