General

  • Target

    f3ca7a0c0a161752347f2fb919a4bd320543ecfad7c57c2e8e31320864b74463

  • Size

    56KB

  • Sample

    241120-ga9hpsskaw

  • MD5

    4f2e3bbf4e1169ccd6a74d3161c8719b

  • SHA1

    1003f1e725587fbbed1e46154eca2c82990a9c11

  • SHA256

    f3ca7a0c0a161752347f2fb919a4bd320543ecfad7c57c2e8e31320864b74463

  • SHA512

    17dd745a6895a9c0b9022531b8df216dafc506c8a3cb810d681a7936e633c43ca67afaf63f403eda28360dbc93b8a6702fadc38919742bd91764ac28d1d3a8a8

  • SSDEEP

    1536:mUsgWy4WV8cPkkhN+8ZvOVWoNwlQolOko3t0F5uVAwk6:Zsnbcpn+8ZGIFK73tMQ5

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://www.equus.com/2i8yt/GhBSz6peG/

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
