General

  • Target: 9f98ea51183468fdd0490024044879cd26e9c42ac048427fe1407898f4b1f669
  • Size: 47KB
  • Sample: 241120-dyqtqazhqj
  • MD5: 3fc032a2c2532726ff706dda2da1c317
  • SHA1: 9848b38f710ebc83adb99afa5304c3656d5fd497
  • SHA256: 9f98ea51183468fdd0490024044879cd26e9c42ac048427fe1407898f4b1f669
  • SHA512: 2da3ce988e33fdaea103098ee8cce5d16f1b9ca964f8e2beb872742df97ae4db5270f099f9af26f832120a6cac7a0d963510841b226293a98433127b441aa3d8
  • SSDEEP: 768:yDM52tfQXi8vgLZkTOHkQT51Vp6AwPdM8gQ6JOiX6DGwUk7qHDSEuRZjiBp5n:y62tfQXi8vgLZkTOHkQT51Vp6AwPe8g1

Score: 10/10

Malware Config

Extracted

  • Language: xlm4.0
  • Source: xlm40.dropper
  • URLs (one per xlm40.dropper entry):

    https://eleselektromekanik.com/69Iq5Pwbd0/s/
    https://demo.icn.com.np/stories/Qk/
    http://demo34.ckg.hk/service/Atk7RQfUV673M/
    https://bitmovil.mx/css/TrgyPiTXy3/
    http://dupot.cz/tvhost/DUnMUvwZOhQs/
    http://focanainternet.com.br/erros/DepAK3p1Y/

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v15