General

  • Target

    1207a59d1ec826ef93727b8cf794628b0730ead915ea510def04b99c1a1e3b98

  • Size

    101KB

  • Sample

    241120-mfbrhsznbq

  • MD5

    c1e838e287b579f11607f014e031d533

  • SHA1

    82f3194b0da23225c69365d4759c4c23f5c55006

  • SHA256

    1207a59d1ec826ef93727b8cf794628b0730ead915ea510def04b99c1a1e3b98

  • SHA512

    49dc7327c3a967aff45bf54d90dc7256bf54fff7f195bb02569e8e4e1a47bcd1de9a74be4f9b6e490bbe6c642727a732a5e005e09c14ff26fd1773a5d0d895bf

  • SSDEEP

    3072:+Kpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+MbOBzbq0f6RlD9fxW8s8Oc:+Kpb8rGYrMPe3q7Q0XV5xtuE8vG8UM+Q

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    http://dlfreight.com/wp-includes/zLuZdtVkoriGTaRE/

    http://hadramout21.com/jetpack-temp/KjOqTnCwBbVrz8w/

    http://groupesther.com/wp-admin/2hhcMwfOG0aRi1t/

    http://datainline.com/aspnet_client/56LwAJvy/

    http://greycoconut.com/edm/0ywf2bF/

Targets

    • Target

      1207a59d1ec826ef93727b8cf794628b0730ead915ea510def04b99c1a1e3b98

    • Size

      101KB

    • MD5

      c1e838e287b579f11607f014e031d533

    • SHA1

      82f3194b0da23225c69365d4759c4c23f5c55006

    • SHA256

      1207a59d1ec826ef93727b8cf794628b0730ead915ea510def04b99c1a1e3b98

    • SHA512

      49dc7327c3a967aff45bf54d90dc7256bf54fff7f195bb02569e8e4e1a47bcd1de9a74be4f9b6e490bbe6c642727a732a5e005e09c14ff26fd1773a5d0d895bf

    • SSDEEP

      3072:+Kpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+MbOBzbq0f6RlD9fxW8s8Oc:+Kpb8rGYrMPe3q7Q0XV5xtuE8vG8UM+Q

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v15

Tasks