General

  • Target

    6061cba0f25b76e6f6ebca1a49eef1e8297a3e5383e3c6b456fec1a6de001e61

  • Size

    96KB

  • Sample

    241120-fmc5la1ngs

  • MD5

    153cc097b46712bc6e1cb99141f34d11

  • SHA1

    853c232b15ae994b05ba1e6b0d1be9f5e0393d79

  • SHA256

    6061cba0f25b76e6f6ebca1a49eef1e8297a3e5383e3c6b456fec1a6de001e61

  • SHA512

    c221ac251a030841b2df2566b984357da33807cb77ea7714b3b85f63a77350ab8842954124c48958c9610cc29e33cc2f1b0386c0b12e4d51bceab780e0f8557c

  • SSDEEP

    1536:7kKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg2HuS4hcTO97v7UYdEJmo:IKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg0

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs (all extracted from the xlm40.dropper source)

    https://atperson.com/campusvirtual/EOgFGo17w/
    https://eliteturismo.com/phpmailer-old/dafdBxQONtk5Uf9dxll/
    http://atici.net/c/JDFDBMIz/
    http://domesticuif.co.za/libraries/nbnH9dpd/

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v15

Tasks