Overview

overview

10

Static

static

8

339ba00d4b...26.xls

windows7-x64

10

339ba00d4b...26.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    339ba00d4bc82c076bb9c6aefbcf2a7407055bf23d70108828ac9d204bcedb26

  • Size

    95KB

  • Sample

    241120-gjjzeaslet

  • MD5

    713b8a06b07daa86f4f2a212822b2879

  • SHA1

    e7b94a3850707dbd4324c20f9c4aca7c180fa3d7

  • SHA256

    339ba00d4bc82c076bb9c6aefbcf2a7407055bf23d70108828ac9d204bcedb26

  • SHA512

    0e29ad0ec21e40654ec1e18434872bc830c0df12b259a1559deb36ae8117e92044cf1cdbc1a80260e916d7d8d6003e42fb9f263c777bd714f10d28e1beaa98df

  • SSDEEP

    1536:iFKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgYHuS4hcTO97v7UYdEJmFh2:cKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgE

Score
10/10
discoverymacroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://educacionsanvicentefundacion.com/iplookup/wYEInbaN/
xlm40.dropper

https://www.4monkeys.com/wp-admin/dNAuBEKo/
xlm40.dropper

http://haircutbar.com/cgi-bin/dNfEA5F/
xlm40.dropper

http://gedebey-tvradio.info/wp-includes/T0J9THbd5f2/

Targets

    • Target

      339ba00d4bc82c076bb9c6aefbcf2a7407055bf23d70108828ac9d204bcedb26

    • Size

      95KB

    • MD5

      713b8a06b07daa86f4f2a212822b2879

    • SHA1

      e7b94a3850707dbd4324c20f9c4aca7c180fa3d7

    • SHA256

      339ba00d4bc82c076bb9c6aefbcf2a7407055bf23d70108828ac9d204bcedb26

    • SHA512

      0e29ad0ec21e40654ec1e18434872bc830c0df12b259a1559deb36ae8117e92044cf1cdbc1a80260e916d7d8d6003e42fb9f263c777bd714f10d28e1beaa98df

    • SSDEEP

      1536:iFKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgYHuS4hcTO97v7UYdEJmFh2:cKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgE

    Score
    10/10
    discovery

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks