General

  • Target

    550e3caf89e70acd33917b5b601d2bcff9cfa4cd3beb5f06ae8726ee523bf2ab

  • Size

    111KB

  • Sample

    241120-kzjv5ayrak

  • MD5

    0a58d45b0f98293dd85c43dcd7cadc7b

  • SHA1

    9191ad1566fbfc14809ac063eb7e4acc20dfa04c

  • SHA256

    550e3caf89e70acd33917b5b601d2bcff9cfa4cd3beb5f06ae8726ee523bf2ab

  • SHA512

    dabb822bc8d38acbf393c33c001699085cd08243e060e259bb1b5b7df5265c3b747eafff552d3b23c6d4967167e16c5776294d7f0830fa19b2809bd95d6c2097

  • SSDEEP

    1536:PdsEIZD0L1sGW83avyU4o3C8VseP12QaGZKR3K87ftgfxSS66oXzOVZdIWbU4kbe:FJIZDe15ab4LcRtaXR3KUtE4sYzOXPPb

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (all of type exe.dropper)

    http://reumatismclinic.com/-/scCnm3mbJRpsaBKBbrC/
    https://shodhmanjari.com/wp-admin/xjEmK4Pd3N/
    http://tubelocal.net/wp-admin/X4Xm4Mk/
    https://pacifichomebroker.com/roderick/RRk/
    https://molinai-journal.com/wp-content/4HBv/
    https://marineboyrecords.com/font-awesome/QBBByHDDYl0slxlQ/
    https://mashuk.net/wp-includes/ej6R4fkU/
    https://lapalette.store/Fox-C404/Gngia6hD0i5zsgd2/
    https://jhonnycryptic.com/cgi-bin/OhZdKCDRBYGZudqs/
    https://korean911.com/wp-admin/TZczIsZtMFXxM5T/
    https://fonijuk.org/wp-content/fzq6vYFUMEiRoR8vG/
    https://baltoe.blog/-/6IC/

Targets

    • Target

      550e3caf89e70acd33917b5b601d2bcff9cfa4cd3beb5f06ae8726ee523bf2ab (hashes as listed under General above)

    Score
    10/10

    Signatures

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

MITRE ATT&CK Enterprise v15

Tasks