General

  • Target

    942577e25598e92e66ebd87f01ccaf6d4fd5e4c274600f1fa2d26dc3293a4128

  • Size

    47KB

  • Sample

    241120-lr2awawamn

  • MD5

    c7095f0605fb6fd232c76a7cd9e74c56

  • SHA1

    139db7c6cd4338274a744a6a04f46e3833d6a088

  • SHA256

    942577e25598e92e66ebd87f01ccaf6d4fd5e4c274600f1fa2d26dc3293a4128

  • SHA512

    f2922c03322a61781a7dcea8f9ded712dbdf1ed963e1641b7fecf1e21eacf3b9f050583335ad56e011519869f3c3c4c054b759a8ab85f0b529c5f792e5671084

  • SSDEEP

    768:yDM52tfQXi8vgLZkTOHkQT51Vp6AwPdM8gQ6JOiX6DGwUk7qHDSEuRZjiBp5j:y62tfQXi8vgLZkTOHkQT51Vp6AwPe8gx

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0 (Excel 4.0 / XLM macro)

  • Source

    xlm40.dropper

  • URLs

    https://eleselektromekanik.com/69Iq5Pwbd0/s/
    https://demo.icn.com.np/stories/Qk/
    http://demo34.ckg.hk/service/Atk7RQfUV673M/
    https://bitmovil.mx/css/TrgyPiTXy3/
    http://dupot.cz/tvhost/DUnMUvwZOhQs/
    http://focanainternet.com.br/erros/DepAK3p1Y/
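The six URLs above are the download locations the sandbox pulled out of the dropper's macro. Before they go into a ticket, a threat-intel feed or a proxy blocklist they should be defanged and tied back to the document hash they came from. The script below does that; it is an added example and not part of the sandbox report. The URL list and the SHA-256 are copied from this report, and every function name (defang, unique_hosts, ioc_records) is this example's own.

```python
"""Turn the extracted xlm40.dropper configuration into defanged, shareable IOCs.

Added example, not part of the sandbox report. The URL list and the SHA-256 are
copied from the report above; every function name here is this example's own.
"""
from urllib.parse import urlsplit

# Download locations listed in the report's extracted config (family xlm40.dropper).
DROPPER_URLS = [
    "https://eleselektromekanik.com/69Iq5Pwbd0/s/",
    "https://demo.icn.com.np/stories/Qk/",
    "http://demo34.ckg.hk/service/Atk7RQfUV673M/",
    "https://bitmovil.mx/css/TrgyPiTXy3/",
    "http://dupot.cz/tvhost/DUnMUvwZOhQs/",
    "http://focanainternet.com.br/erros/DepAK3p1Y/",
]
# SHA-256 of the analysed document, from the report's General section.
SAMPLE_SHA256 = "942577e25598e92e66ebd87f01ccaf6d4fd5e4c274600f1fa2d26dc3293a4128"


def defang(url: str) -> str:
    """Rewrite a URL so it cannot be clicked or auto-linked: hxxp(s):// and [.] in the host."""
    parts = urlsplit(url)
    scheme = parts.scheme.replace("tt", "xx", 1)  # http -> hxxp, https -> hxxps
    host = (parts.hostname or "").replace(".", "[.]")
    if parts.port:
        host += f":{parts.port}"
    query = f"?{parts.query}" if parts.query else ""
    return f"{scheme}://{host}{parts.path}{query}"


def unique_hosts(urls) -> list:
    """Distinct hostnames, sorted, suitable for a DNS or proxy blocklist."""
    return sorted({urlsplit(u).hostname for u in urls if urlsplit(u).hostname})


def ioc_records(urls, sha256: str = SAMPLE_SHA256) -> list:
    """One record per URL: defanged value, bare host, scheme, and the hash of the
    document that references it, so the URL-to-sample link is not lost when shared."""
    return [
        {
            "type": "url",
            "value": defang(u),
            "host": urlsplit(u).hostname,
            "scheme": urlsplit(u).scheme,
            "related_sha256": sha256,
        }
        for u in urls
    ]


if __name__ == "__main__":
    for rec in ioc_records(DROPPER_URLS):
        print(f"{rec['host']:24} {rec['value']}")
    print("hosts:", ", ".join(unique_hosts(DROPPER_URLS)))
```

Blocking only the hostnames is the conservative choice: the path components are per-campaign and are the part most likely to be rotated.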

Targets

    • Target

      942577e25598e92e66ebd87f01ccaf6d4fd5e4c274600f1fa2d26dc3293a4128

    Score
    10/10
    • Process spawned unexpected child process

      The process that opened the sample launched a child process it does not normally start. This typically indicates the parent process was compromised via an exploit or a macro; here it is consistent with the XLM 4.0 dropper configuration extracted above.
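The signature above is a process-tree rule: an Office host (Excel, for an XLM 4.0 document) becoming the parent of something it has no business launching. The detection below shows that rule run over a few process-creation events, with a small allowlist so that Excel's legitimate helpers do not fire it and a severity bump for the usual LOLBin children. This is an added example and not the sandbox's own detection logic; the log lines, the field layout (timestamp|ParentImage|Image|CommandLine), the process lists and the function names are all constructed for illustration.

```python
"""Flag Office processes that spawn children they have no business launching,
the behaviour behind the report's 'Process spawned unexpected child process'
signature.

Added example, not the sandbox's own detection logic. The log lines, process
lists and field layout below are constructed for illustration.
"""
import re

# Office hosts whose child processes are worth scrutinising.
OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}
# Children that almost always mean macro or exploit code is running (high severity).
LOLBIN_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                   "mshta.exe", "regsvr32.exe", "rundll32.exe", "certutil.exe",
                   "msiexec.exe", "bitsadmin.exe"}
# Children Office launches legitimately; constructed allowlist, tune per environment.
BENIGN_CHILDREN = {"splwow64.exe", "dw20.exe"}

# Constructed process-creation log: timestamp|ParentImage|Image|CommandLine
SAMPLE_LOG = r"""
2024-11-20T10:01:03Z|C:\Windows\explorer.exe|C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE|"EXCEL.EXE" C:\Users\u\Downloads\invoice.xls
2024-11-20T10:01:09Z|C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE|C:\Windows\System32\regsvr32.exe|regsvr32.exe /s C:\Users\Public\abcd.ocx
2024-11-20T10:01:10Z|C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE|C:\Windows\splwow64.exe|splwow64.exe 12288
2024-11-20T10:02:00Z|C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE|C:\Windows\System32\notepad.exe|notepad.exe
2024-11-20T10:03:00Z|C:\Windows\System32\cmd.exe|C:\Windows\System32\powershell.exe|powershell -nop -w hidden
"""


def basename(path: str) -> str:
    """Lower-cased file name of a Windows (or POSIX) path."""
    return re.split(r"[\\/]", path)[-1].lower()


def parse_line(line: str):
    """Split one log line into its four fields; None if the line is malformed."""
    fields = line.split("|", 3)
    if len(fields) != 4:
        return None
    ts, parent, image, cmdline = fields
    return {"ts": ts, "parent": basename(parent), "child": basename(image),
            "cmdline": cmdline}


def classify(event: dict):
    """'high' or 'medium' when an Office parent spawns an unexpected child, else None."""
    if event["parent"] not in OFFICE_PARENTS or event["child"] in BENIGN_CHILDREN:
        return None
    return "high" if event["child"] in LOLBIN_CHILDREN else "medium"


def find_unexpected_children(log_text: str) -> list:
    """Run the rule over every line and return the events that fire it."""
    findings = []
    for raw in log_text.strip().splitlines():
        event = parse_line(raw.strip())
        if event is None:
            continue
        severity = classify(event)
        if severity:
            findings.append({**event, "severity": severity})
    return findings


if __name__ == "__main__":
    for f in find_unexpected_children(SAMPLE_LOG):
        print(f"{f['ts']} {f['severity']:6} {f['parent']} -> {f['child']}: {f['cmdline']}")
```

Note that the cmd.exe -> powershell.exe line is deliberately not flagged: it may well be malicious, but it is a different rule. Keeping the Office-parent rule narrow is what keeps its false-positive rate low enough to alert on directly.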

MITRE ATT&CK Enterprise v15

Tasks