Overview

overview

10

Static

static

8

ea5a6b3e30...4a.xls

windows7-x64

10

ea5a6b3e30...4a.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ea5a6b3e3039696f8351afd283bfb8e8a025e03313568343577753560efa954a

  • Size

    70KB

  • Sample

    241120-mddhbsznam

  • MD5

    6eb984a105a71a5c5242a8d82327bf2b

  • SHA1

    5208c46c26b77c02068ffd0f846102b7dbe69f9f

  • SHA256

    ea5a6b3e3039696f8351afd283bfb8e8a025e03313568343577753560efa954a

  • SHA512

    db9a34af1801a01e946229b3b9973f9c8677c69b88c53ac1608929c78434ada408963e8e6fd0133820ad3a06ac289e52726e0103e7d6e51a430e4d45c328e291

  • SSDEEP

    1536:OhKpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+/+hDcnTLiQrRTZws8E7K:uKpb8rGYrMPe3q7Q0XV5xtezE8vG8UMF

Score
10/10
discoverymacroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://prprofile.com/wp-admin/CIqrvgYsvBiBlIM/
xlm40.dropper

https://retardantedefuegoperu.com/slider/rFhAa78/
xlm40.dropper

http://survei.absensi.net/cc-content/YCcjkOA3ijYNu46Y/

Targets

    • Target

      ea5a6b3e3039696f8351afd283bfb8e8a025e03313568343577753560efa954a

    • Size

      70KB

    • MD5

      6eb984a105a71a5c5242a8d82327bf2b

    • SHA1

      5208c46c26b77c02068ffd0f846102b7dbe69f9f

    • SHA256

      ea5a6b3e3039696f8351afd283bfb8e8a025e03313568343577753560efa954a

    • SHA512

      db9a34af1801a01e946229b3b9973f9c8677c69b88c53ac1608929c78434ada408963e8e6fd0133820ad3a06ac289e52726e0103e7d6e51a430e4d45c328e291

    • SSDEEP

      1536:OhKpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+/+hDcnTLiQrRTZws8E7K:uKpb8rGYrMPe3q7Q0XV5xtezE8vG8UMF

    Score
    10/10
    discovery

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks