Overview

overview

10

Static

static

8

374f364d44...18.xls

windows7-x64

10

374f364d44...18.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    374f364d444f1be80ef14826d16c8850bb4f4aa87f1a329bed932f4ae5432618

  • Size

    101KB

  • Sample

    241120-2xcgpszlfk

  • MD5

    4704b2d76974e75799b325aec09ac2c1

  • SHA1

    234d7550b75af09d8481b0cd5453755313f5c7b7

  • SHA256

    374f364d444f1be80ef14826d16c8850bb4f4aa87f1a329bed932f4ae5432618

  • SHA512

    feb072c0e5f21994dd9f9dd5d793793ab39423484b72aa684cc2edae39ef49fcb0adb1d4ea5a3edd0d9166ceddcf8e773907d488e079c94599fe416f0c413480

  • SSDEEP

    3072:+Kpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+MbOBzbq0f6RlD9fxW8s8OA:+Kpb8rGYrMPe3q7Q0XV5xtuE8vG8UM+U

Score
10/10
discoverymacroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://dlfreight.com/wp-includes/zLuZdtVkoriGTaRE/
xlm40.dropper

http://hadramout21.com/jetpack-temp/KjOqTnCwBbVrz8w/
xlm40.dropper

http://groupesther.com/wp-admin/2hhcMwfOG0aRi1t/
xlm40.dropper

http://datainline.com/aspnet_client/56LwAJvy/
xlm40.dropper

http://greycoconut.com/edm/0ywf2bF/

Targets

    • Target

      374f364d444f1be80ef14826d16c8850bb4f4aa87f1a329bed932f4ae5432618

    • Size

      101KB

    • MD5

      4704b2d76974e75799b325aec09ac2c1

    • SHA1

      234d7550b75af09d8481b0cd5453755313f5c7b7

    • SHA256

      374f364d444f1be80ef14826d16c8850bb4f4aa87f1a329bed932f4ae5432618

    • SHA512

      feb072c0e5f21994dd9f9dd5d793793ab39423484b72aa684cc2edae39ef49fcb0adb1d4ea5a3edd0d9166ceddcf8e773907d488e079c94599fe416f0c413480

    • SSDEEP

      3072:+Kpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+MbOBzbq0f6RlD9fxW8s8OA:+Kpb8rGYrMPe3q7Q0XV5xtuE8vG8UM+U

    Score
    10/10
    discovery

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks