Overview

overview

10

Static

static

8

2d07b1a769...0c.xls

windows7-x64

10

2d07b1a769...0c.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2d07b1a769e2a267fae2e6e1a015bc7c3dd1171fc3f71370d324182fe620a70c

  • Size

    101KB

  • Sample

    241120-jtetjstcre

  • MD5

    4e0fa2c55781f9e44f85055be60c22c6

  • SHA1

    43cd586621d9b6d5f266453db7ce3f06eb61c8c5

  • SHA256

    2d07b1a769e2a267fae2e6e1a015bc7c3dd1171fc3f71370d324182fe620a70c

  • SHA512

    58410bae1c48fcf7f58c3c8ad3d81687a59496dfe3191ff705d0c1b7e8e2b09b2c81ca81fc0521bcc376b4ec903f8857dcb9ea922e3f7c679095d6884e504112

  • SSDEEP

    3072:+Kpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+MbOBzbq0f6RlD9fxW8s8OA:+Kpb8rGYrMPe3q7Q0XV5xtuE8vG8UM+U

Score
10/10
discoverymacroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://dlfreight.com/wp-includes/zLuZdtVkoriGTaRE/
xlm40.dropper

http://hadramout21.com/jetpack-temp/KjOqTnCwBbVrz8w/
xlm40.dropper

http://groupesther.com/wp-admin/2hhcMwfOG0aRi1t/
xlm40.dropper

http://datainline.com/aspnet_client/56LwAJvy/
xlm40.dropper

http://greycoconut.com/edm/0ywf2bF/

Targets

    • Target

      2d07b1a769e2a267fae2e6e1a015bc7c3dd1171fc3f71370d324182fe620a70c

    • Size

      101KB

    • MD5

      4e0fa2c55781f9e44f85055be60c22c6

    • SHA1

      43cd586621d9b6d5f266453db7ce3f06eb61c8c5

    • SHA256

      2d07b1a769e2a267fae2e6e1a015bc7c3dd1171fc3f71370d324182fe620a70c

    • SHA512

      58410bae1c48fcf7f58c3c8ad3d81687a59496dfe3191ff705d0c1b7e8e2b09b2c81ca81fc0521bcc376b4ec903f8857dcb9ea922e3f7c679095d6884e504112

    • SSDEEP

      3072:+Kpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+MbOBzbq0f6RlD9fxW8s8OA:+Kpb8rGYrMPe3q7Q0XV5xtuE8vG8UM+U

    Score
    10/10
    discovery

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks