General

  • Target

    58c2f02a85f71de653f49e6ae7dada286deb758309cda4271f4ba2af859f7e4a

  • Size

    95KB

  • Sample

    241120-ff1bjswmbn

  • MD5

    8d25f2a1d6905236836b34b0589a12d5

  • SHA1

    468f2c6ff195372e9ba2bea7eb732c224735bce9

  • SHA256

    58c2f02a85f71de653f49e6ae7dada286deb758309cda4271f4ba2af859f7e4a

  • SHA512

    15f654838bf4d07951cc515c45186dcfd234cbe3f7eb05e16ac2ce430738edf4350c2f020af803c2add7ef5ee8112c7ba0d8c9226552b1ab41c0877b57d571df

  • SSDEEP

    1536:PFKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgPHuS4hcTO97v7UYdEJmXNzE:tKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgB

Score
10/10

Malware Config

Extracted

Language: xlm4.0

Source          URLs
xlm40.dropper   https://aysbody.com/catalog/Oax5/
xlm40.dropper   http://www.garantihaliyikama.com/wp-admin/QVvdNIasGj/
xlm40.dropper   https://yoymanajemen.id/wp-content/khXBxIm5/
xlm40.dropper   https://dawtona.dev.goldensystem.pl/wp-admin/EX05554XhKk3ee2cQ/

Targets

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v15

Tasks