General

  • Target

    dc05a79ba588c53cede36f391362df8b4d415c091128f79772d57661992ccf1e

  • Size

    95KB

  • Sample

    241120-adjywswjgs

  • MD5

    1de740a5865efe2a70014e62d00a3fa6

  • SHA1

    81274034d94f3fae8e7560cb2e0b39069a4eaab6

  • SHA256

    dc05a79ba588c53cede36f391362df8b4d415c091128f79772d57661992ccf1e

  • SHA512

    d3d9fde123b338b38779de17a5da38c44efab4b2a31d1e154b80e0b40381e43b7651b0ff8d8f9bf7fee2ffa217de67a7ade0119b3354add5ef94e59a5136007c

  • SSDEEP

    1536:iFKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgYHuS4hcTO97v7UYdEJmFq2:cKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgn

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    URLs

  • URLs (xlm40.dropper)

    https://educacionsanvicentefundacion.com/iplookup/wYEInbaN/
    https://www.4monkeys.com/wp-admin/dNAuBEKo/
    http://haircutbar.com/cgi-bin/dNfEA5F/
    http://gedebey-tvradio.info/wp-includes/T0J9THbd5f2/
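The four URLs above are the payload-retrieval locations the sandbox recovered from the Excel 4.0 (XLM) macro. The following is an added example, not code from the report or the sandbox: it parses a constructed copy of the extracted-config block in the flattened label/value layout the export uses, defangs each URL so it can be pasted into tickets or chat without becoming clickable, and emits the host list for a blocklist. The `parse_extracted`, `defang` and `blocklist_hosts` names are my own.

```python
import re
from urllib.parse import urlsplit

# Constructed input: the "Extracted" block of the report in the flattened
# label/value layout the sandbox export uses (one label line per value).
EXTRACTED_BLOCK = """\
Language
xlm4.0
Source
URLs
xlm40.dropper

https://educacionsanvicentefundacion.com/iplookup/wYEInbaN/

xlm40.dropper

https://www.4monkeys.com/wp-admin/dNAuBEKo/

xlm40.dropper

http://haircutbar.com/cgi-bin/dNfEA5F/

xlm40.dropper

http://gedebey-tvradio.info/wp-includes/T0J9THbd5f2/
"""

URL_RE = re.compile(r"^https?://\S+$")


def parse_extracted(text):
    """Parse the flattened block into {'language', 'source', 'urls'}.

    'urls' is a list of (family_label, url) tuples; the family label is
    whatever non-URL line (e.g. 'xlm40.dropper') preceded the URL.
    """
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    cfg = {"language": None, "source": None, "urls": []}
    family = None
    i = 0
    while i < len(lines):
        ln = lines[i]
        if ln == "Language" and i + 1 < len(lines):
            cfg["language"] = lines[i + 1]
            i += 2
            continue
        if ln == "Source" and i + 1 < len(lines):
            cfg["source"] = lines[i + 1]
            i += 2
            continue
        if URL_RE.match(ln):
            cfg["urls"].append((family, ln))
        else:
            family = ln  # label line naming the config entry that follows
        i += 1
    return cfg


def defang(url):
    """http(s):// -> hxxp(s)://, and bracket the dots in the host only."""
    scheme, rest = url.split("://", 1)
    host, sep, path = rest.partition("/")
    return scheme.replace("http", "hxxp") + "://" + host.replace(".", "[.]") + sep + path


def blocklist_hosts(cfg):
    """Unique, sorted hostnames from every extracted URL."""
    return sorted({urlsplit(u).hostname for _, u in cfg["urls"]})


if __name__ == "__main__":
    cfg = parse_extracted(EXTRACTED_BLOCK)
    print("language:", cfg["language"], "source:", cfg["source"])
    for family, url in cfg["urls"]:
        print(f"{family:14} {defang(url)}")
    print("hosts:", ", ".join(blocklist_hosts(cfg)))
```

Block the hosts rather than only the exact paths: the random-looking final path component is typically per-campaign, while the host stays the retrieval point. Paths under wp-admin/, wp-includes/ and cgi-bin/ are consistent with payloads staged on compromised third-party web servers, so treat the site owners as likely victims, not operators, when reporting.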

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro. For this sample the cause is the Excel 4.0 (XLM) macro: the dropper launches a child process to fetch and run a payload from one of the URLs listed under Malware Config.
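The signature above is a parent/child process check. The following is an added example, not the sandbox's own detection logic: it runs an allowlist-based version of that check over constructed, Sysmon Event ID 1 style process-creation events. The field names, the allowlisted helper (`splwow64.exe`) and the child process names in the sample events are assumptions for illustration; the report does not say which child the sample spawned.

```python
# Constructed sample events (assumed field names, modelled on Sysmon Event
# ID 1). None of these lines come from the report.
SAMPLE_EVENTS = [
    {"ts": "2024-11-20T09:00:01Z",
     "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "command_line": r'"EXCEL.EXE" C:\Users\alice\Downloads\invoice.xls'},
    {"ts": "2024-11-20T09:00:04Z",
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "image": r"C:\Windows\splwow64.exe",
     "command_line": "splwow64.exe 12288"},            # benign print helper
    {"ts": "2024-11-20T09:00:07Z",
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "image": r"C:\Windows\System32\regsvr32.exe",
     "command_line": r"regsvr32.exe /s C:\Users\Public\out.dll"},  # suspicious
    {"ts": "2024-11-20T09:01:00Z",
     "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "command_line": "cmd.exe"},                       # not an Office parent
]

# Office document handlers whose children we scrutinise.
OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe"}

# Assumed allowlist of children Office legitimately spawns; tune per estate.
EXPECTED_CHILDREN = {"splwow64.exe"}


def basename(path):
    """Case-folded file name from a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def unexpected_children(events):
    """Return (parent, child, command_line) for each Office child not allowlisted."""
    hits = []
    for ev in events:
        parent = basename(ev["parent_image"])
        child = basename(ev["image"])
        if parent in OFFICE_PARENTS and child not in EXPECTED_CHILDREN:
            hits.append((parent, child, ev["command_line"]))
    return hits


if __name__ == "__main__":
    for parent, child, cmd in unexpected_children(SAMPLE_EVENTS):
        print(f"ALERT {parent} -> {child}: {cmd}")
```

An allowlist keyed on the parent is deliberately narrow: any child of Excel that is not a known helper is worth a look, because an XLM macro has no legitimate reason to start LOLBins such as regsvr32, rundll32, mshta or PowerShell. Extend `EXPECTED_CHILDREN` only with processes you have verified in your own telemetry.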

MITRE ATT&CK Enterprise v15

Tasks