Overview

overview

10

Static

static

8

e0da424ff2...cb.xls

windows7-x64

10

e0da424ff2...cb.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e0da424ff2ea1ce079af05ad9e3e32cd99a8ac637d4b2f07c24cc818b34395cb

  • Size

    45KB

  • Sample

    241120-1zxpzstfrf

  • MD5

    efbc36b75d36a1a05f9893d95c52a960

  • SHA1

    ec041f3743b7ba61afec35329b5a6d2a97087bbf

  • SHA256

    e0da424ff2ea1ce079af05ad9e3e32cd99a8ac637d4b2f07c24cc818b34395cb

  • SHA512

    a28ec256326a27d9d2298906c71a72a68dab1a5296c4c0ecfa0b54da94e53a17563c2f3bc15edcf8b991a9a834cf1641886df95cb2ea33f99a75bc7d6a3eecb1

  • SSDEEP

    768:bkPKpb8rGYrMPe3q7Q0XV5xtezEs/68/dgAPVdtWgojJcFDqCRt6vuVUeJl1:bsKpb8rGYrMPe3q7Q0XV5xtezEsi8/dd

Score
10/10
discoverymacroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://fpd.cl/cgi-bin/83E0xgTMc/
xlm40.dropper

https://el-energiaki.gr/wp-content/plugins/really-simple-ssl/testssl/serverport443/WUV5PJA/
xlm40.dropper

https://www.manchesterslt.co.uk/a-to-z-of-slt/Ntrci3Ry/
xlm40.dropper

http://contactworks.nl/layouts/fFxKZabh/
xlm40.dropper

http://baykusoglu.com.tr/wp-admin/Y3sRBcOfZ34wg2sO/

Targets

    • Target

      e0da424ff2ea1ce079af05ad9e3e32cd99a8ac637d4b2f07c24cc818b34395cb

    • Size

      45KB

    • MD5

      efbc36b75d36a1a05f9893d95c52a960

    • SHA1

      ec041f3743b7ba61afec35329b5a6d2a97087bbf

    • SHA256

      e0da424ff2ea1ce079af05ad9e3e32cd99a8ac637d4b2f07c24cc818b34395cb

    • SHA512

      a28ec256326a27d9d2298906c71a72a68dab1a5296c4c0ecfa0b54da94e53a17563c2f3bc15edcf8b991a9a834cf1641886df95cb2ea33f99a75bc7d6a3eecb1

    • SSDEEP

      768:bkPKpb8rGYrMPe3q7Q0XV5xtezEs/68/dgAPVdtWgojJcFDqCRt6vuVUeJl1:bsKpb8rGYrMPe3q7Q0XV5xtezEsi8/dd

    Score
    10/10
    discovery

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks