Overview

overview

10

Static

static

8

831d59e087...de.xls

windows7-x64

10

831d59e087...de.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    831d59e087de5c23025cba07d00c15f2e1d263b3f86a044b976ead6f7355f8de

  • Size

    96KB

  • Sample

    241120-fhlaea1mh1

  • MD5

    876e1fbd63a152b4ebefa42036c1d952

  • SHA1

    0b73dbd5c089bba62a88adbe7e585bb63c0cfe8a

  • SHA256

    831d59e087de5c23025cba07d00c15f2e1d263b3f86a044b976ead6f7355f8de

  • SHA512

    26756cd76f8a75b9f1b482b4b1830bcc73533e829c6f8098b9710ca2d88a21c57a6310b2528109675c81715681b4ac4431df532a74efc859335404bc02908f81

  • SSDEEP

    1536:WkKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgNHuS4hcTO97v7UYdEJmOux:JKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgk

Score
10/10
discoverymacroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://aysbody.com/catalog/fKIbKAcI81pVn/
xlm40.dropper

http://www.birebiregitim.net/wp-includes/mpaZ6zBj3IAJcx/
xlm40.dropper

http://fashionbyprincessmelodicaah.com/4185PINT/79YtAbiNx92iI/
xlm40.dropper

https://pccurico.cl/wp-admin/x3kyR3u8ARXStL7/

Targets

    • Target

      831d59e087de5c23025cba07d00c15f2e1d263b3f86a044b976ead6f7355f8de

    • Size

      96KB

    • MD5

      876e1fbd63a152b4ebefa42036c1d952

    • SHA1

      0b73dbd5c089bba62a88adbe7e585bb63c0cfe8a

    • SHA256

      831d59e087de5c23025cba07d00c15f2e1d263b3f86a044b976ead6f7355f8de

    • SHA512

      26756cd76f8a75b9f1b482b4b1830bcc73533e829c6f8098b9710ca2d88a21c57a6310b2528109675c81715681b4ac4431df532a74efc859335404bc02908f81

    • SSDEEP

      1536:WkKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgNHuS4hcTO97v7UYdEJmOux:JKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgk

    Score
    10/10
    discovery

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks