Overview

overview

10

Static

static

8

55515c1a89...3d.xls

windows7-x64

10

55515c1a89...3d.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    55515c1a89221b1acfb819ed867024dac74f4d4cd254e7a833fc02b84812b63d

  • Size

    47KB

  • Sample

    241120-1t4w4syngj

  • MD5

    8b34eab8511cdd95f3c244f88dc6f63c

  • SHA1

    b807eb50ef501d0d1548930eba9d656da9f7730a

  • SHA256

    55515c1a89221b1acfb819ed867024dac74f4d4cd254e7a833fc02b84812b63d

  • SHA512

    dd13cebea40f5cadb470c4fe475b26c99b77b8ce4a1a5f373e6fa172730f16dd4c28faa89887fe490336a879c5b7d5cfe57b5d5b7df7cb6c3a9f8603e765e9d2

  • SSDEEP

    768:yDM52tfQXi8vgLZkTOHkQT51Vp6AwPdM8gQ6JOiX6DGwUk7qHDSEuRZjiBp5n:y62tfQXi8vgLZkTOHkQT51Vp6AwPe8g1

Score
10/10
discoverymacroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://eleselektromekanik.com/69Iq5Pwbd0/s/
xlm40.dropper

https://demo.icn.com.np/stories/Qk/
xlm40.dropper

http://demo34.ckg.hk/service/Atk7RQfUV673M/
xlm40.dropper

https://bitmovil.mx/css/TrgyPiTXy3/
xlm40.dropper

http://dupot.cz/tvhost/DUnMUvwZOhQs/
xlm40.dropper

http://focanainternet.com.br/erros/DepAK3p1Y/

Targets

    • Target

      55515c1a89221b1acfb819ed867024dac74f4d4cd254e7a833fc02b84812b63d

    • Size

      47KB

    • MD5

      8b34eab8511cdd95f3c244f88dc6f63c

    • SHA1

      b807eb50ef501d0d1548930eba9d656da9f7730a

    • SHA256

      55515c1a89221b1acfb819ed867024dac74f4d4cd254e7a833fc02b84812b63d

    • SHA512

      dd13cebea40f5cadb470c4fe475b26c99b77b8ce4a1a5f373e6fa172730f16dd4c28faa89887fe490336a879c5b7d5cfe57b5d5b7df7cb6c3a9f8603e765e9d2

    • SSDEEP

      768:yDM52tfQXi8vgLZkTOHkQT51Vp6AwPdM8gQ6JOiX6DGwUk7qHDSEuRZjiBp5n:y62tfQXi8vgLZkTOHkQT51Vp6AwPe8g1

    Score
    10/10
    discovery

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks