General

  • Target

    2f8ee0365d85b25f9891a6347a0f87d001dec8c0e200c9cbdfada2a26477220b

  • Size

    243KB

  • Sample

    241120-f9gfjawrfp

  • MD5

    b7366c3143ffd59510bde00af4fb9771

  • SHA1

    c148e7452543677c8ebfcb367159544764834546

  • SHA256

    2f8ee0365d85b25f9891a6347a0f87d001dec8c0e200c9cbdfada2a26477220b

  • SHA512

    fb3e654597cda37f3749844cad7b58affbafe9fa6dfbb9b0d063a3c3031fe382642ccb6c68a398867cb7881202387b8c8ae51ef05e2b789dcf623bead3bc38dc

  • SSDEEP

    6144:DKpbdrHYrMue8q7QPX+5xtFEdi8/dg/ThvsiKIjvl5fd1Xh8rsoX/w/0Y:ghEXs5fXR8rsNT

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0 (Excel 4.0 / XLM macro)

  • Source

    xlm40.dropper

  • URLs

    http://servidorcarlosydavid.es/wp-admin/jkNPgHxNjF/
    https://gmo-sol-p10.heteml.jp/includes/UoJMgYAc1EES/
    https://iashanghai.cn/z/Z1PG6ulBh20plss/
    https://www.pasionportufuturo.pe/wp-content/HkUfvw0xuCy5/
    http://dmdagents.com.au/vqwbgz/CL4Bo4C4VS0deg/
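The extracted config above is a flat list of source/URL pairs. The following is an added example, not part of the sandbox report and not tooling from the sandbox vendor: it parses that flattened `xlm40.dropper` block into structured indicators and defangs them for sharing. The config text embedded in the script is a constructed copy of the five URLs listed above; the `parse_config`, `defang` and `to_indicators` names are assumptions of this example.

```python
"""Turn a flattened 'source / URL' extracted-config block into defanged IOCs."""
from urllib.parse import urlsplit

# Constructed copy of the extracted config as it appears on the page:
# each 'xlm40.dropper' source label is followed by the URL it was extracted from.
EXTRACTED_CONFIG = """
xlm40.dropper
http://servidorcarlosydavid.es/wp-admin/jkNPgHxNjF/
xlm40.dropper
https://gmo-sol-p10.heteml.jp/includes/UoJMgYAc1EES/
xlm40.dropper
https://iashanghai.cn/z/Z1PG6ulBh20plss/
xlm40.dropper
https://www.pasionportufuturo.pe/wp-content/HkUfvw0xuCy5/
xlm40.dropper
http://dmdagents.com.au/vqwbgz/CL4Bo4C4VS0deg/
"""


def parse_config(text):
    """Return (source, url) pairs from the flattened block.

    A non-URL line is treated as the source label for the URL line(s) that
    follow it. A URL before any label is a malformed block and is rejected.
    """
    pairs = []
    source = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith(("http://", "https://")):
            if source is None:
                raise ValueError(f"URL without a preceding source label: {line}")
            pairs.append((source, line))
        else:
            source = line
    return pairs


def defang(url):
    """Render a URL so it cannot be clicked or auto-linked (hxxp, [.])."""
    parts = urlsplit(url)
    scheme = parts.scheme.replace("http", "hxxp")
    host = parts.hostname.replace(".", "[.]")
    port = f":{parts.port}" if parts.port else ""
    query = f"?{parts.query}" if parts.query else ""
    return f"{scheme}://{host}{port}{parts.path}{query}"


def to_indicators(text):
    """Structured IOC records: one per URL, with the bare domain for blocklists."""
    return [
        {
            "source": source,
            "url": url,
            "domain": urlsplit(url).hostname,
            "defanged": defang(url),
        }
        for source, url in parse_config(text)
    ]


def unique_domains(text):
    """Deduplicated, sorted domain list suitable for a DNS or proxy blocklist."""
    return sorted({rec["domain"] for rec in to_indicators(text)})


if __name__ == "__main__":
    for rec in to_indicators(EXTRACTED_CONFIG):
        print(f"{rec['source']:14} {rec['defanged']}")
    print("domains:", ", ".join(unique_domains(EXTRACTED_CONFIG)))
```

Keep the original (fanged) URL alongside the defanged form: the fanged value is what a proxy or DNS blocklist needs to match, while the defanged value is what goes into a ticket or report.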

Targets

    • Target

      2f8ee0365d85b25f9891a6347a0f87d001dec8c0e200c9cbdfada2a26477220b


    Score
    10/10
    • Process spawned unexpected child process

      A process started a child it would not normally launch. This typically indicates the parent process was compromised via an exploit or a macro; for this sample the extracted config language is xlm4.0, i.e. an Excel 4.0 (XLM) macro sheet, so the parent is the Office application that executed the macro.
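The signature above is the classic "Office application spawned a non-Office child" detection. The following is an added example, not part of the sandbox report: it runs that logic over a handful of constructed process-creation events in the shape of Sysmon Event ID 1 (parent image, child image, command line). The set of Office hosts, the benign-child allowlist and the LOLBin list are this example's own assumptions, not something the report states, and the events are fabricated for illustration.

```python
"""Flag Office host processes that spawn unexpected children (detection logic)."""
import ntpath

# Assumption: these are the Office hosts that execute document macros.
OFFICE_HOSTS = {"excel.exe", "winword.exe", "powerpnt.exe", "msaccess.exe"}

# Assumption: children an Office host legitimately starts (print spooler helper,
# crash reporter, a nested Office app). Everything else is "unexpected".
BENIGN_CHILDREN = {"splwow64.exe", "werfault.exe"} | OFFICE_HOSTS

# Assumption: script hosts and LOLBins commonly used by macro droppers; an
# Office host spawning one of these is rated high rather than medium.
LOLBINS = {
    "cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "regsvr32.exe", "rundll32.exe", "certutil.exe", "bitsadmin.exe",
}

# Constructed sample events (Sysmon Event ID 1 fields, trimmed).
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "CommandLine": r'"EXCEL.EXE" C:\Users\u\Downloads\invoice.xls'},
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "Image": r"C:\Windows\System32\regsvr32.exe",
     "CommandLine": r"regsvr32 /s C:\Users\u\AppData\Local\Temp\x.dll"},
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "Image": r"C:\Windows\splwow64.exe",
     "CommandLine": r"C:\Windows\splwow64.exe 12288"},
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell -nop -w hidden -enc AAAA"},
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Program Files\7-Zip\7zFM.exe",
     "CommandLine": r'"C:\Program Files\7-Zip\7zFM.exe" archive.7z'},
]


def basename(image_path):
    """Lower-cased file name of a Windows path; ntpath works on any OS."""
    return ntpath.basename(image_path).lower()


def classify(event):
    """Return None if the event is benign, else a finding dict with a severity."""
    parent = basename(event["ParentImage"])
    child = basename(event["Image"])
    if parent not in OFFICE_HOSTS or child in BENIGN_CHILDREN:
        return None
    return {
        "parent": parent,
        "child": child,
        "severity": "high" if child in LOLBINS else "medium",
        "command_line": event["CommandLine"],
    }


def flag_unexpected_children(events):
    """Run the rule over a stream of process-creation events."""
    return [finding for finding in map(classify, events) if finding]


if __name__ == "__main__":
    for f in flag_unexpected_children(SAMPLE_EVENTS):
        print(f"[{f['severity']}] {f['parent']} -> {f['child']}: {f['command_line']}")
```

Matching on the parent's base name is deliberate: the Office install path varies by version and Click-to-Run channel, so a rule keyed on the full path goes stale. The allowlist is the part to tune per environment; a medium-severity hit on an unknown child is the "unexpected" case the signature describes, and a LOLBin child is the case worth paging on.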

MITRE ATT&CK Enterprise v15

Tasks