General

  • Target

    1e09ddeaa796768014703964bdba506aff272d9260d635c69e8d20b8b9478412

  • Size

    48KB

  • Sample

    241120-jjdhqsvaml

  • MD5

    4083748f5ce60a76ca0aef03b4acf0b3

  • SHA1

    19698284048bfbe8f07cd075927e145b3f3dd7d2

  • SHA256

    1e09ddeaa796768014703964bdba506aff272d9260d635c69e8d20b8b9478412

  • SHA512

    adce5c74847ad5007d64b15f4e7f590ba44b4b9ec4d27017e7f2ff48484d2c46a34654dd538230c1b196348fd66f0b5b4942f96e96f3aeaf437f7a7a4b3a55c2

  • SSDEEP

    768:uDM52tfQXi8vgLZkTOHkQT51Vp6AwPdM8gQ6JL/K9abdDKHGeWmqkySbuR/3ej79:u62tfQXi8vgLZkTOHkQT51Vp6AwPe8gy

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    https://famesa.com.ar/dos/gaa/
    https://www.fantasyclub.com.br/imgs/rggmVTfvT/
    http://ecoarch.com.tw/cgi-bin/vWW/
    https://dp-flex.co.jp/cgi-bin/Bt3Ycq5Tix/
    http://dharmacomunicacao.com.br/OLD/PjBkVBhUH/

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
