General

  • Target

    5b8744c83f96d33d1f4359f51675db7d5282d950d691cf782f04248769618090

  • Size

    56KB

  • Sample

    241120-lq9wmawaln

  • MD5

    9171adfe154ff57424dfd245c318681d

  • SHA1

    637a3dc61e664d5324626c26cae8e525307356d5

  • SHA256

    5b8744c83f96d33d1f4359f51675db7d5282d950d691cf782f04248769618090

  • SHA512

    15bded713d92975e8f06be632c194074d72d7710bfeef4eccb296ee2a0e4cd2e41d7345a6a3716a18c7f323bdcdb57909f5ceb32228a17a66ceb8f2244ba5797

  • SSDEEP

    1536:VsKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg/5G9XSZ4umvz:aKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgY

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://church.ktc-center.net/PbSkdCOW/

xlm40.dropper

https://chobemaster.com/components/gus/

xlm40.dropper

https://christianchapman.com/cgi-bin/gADHL9UXSFUTN/

Targets

    • Target

      5b8744c83f96d33d1f4359f51675db7d5282d950d691cf782f04248769618090

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
