General

  • Target

    d43224a19eff8b25663d534e7a3a6b8967e83732fbbf6e42a0adbdcffe582994

  • Size

    48KB

  • Sample

    241120-mgtzgszndl

  • MD5

    10646384c1614b7dcfdf9f1297e38052

  • SHA1

    6a175e4599f94e889acf0b58d9655685e0354533

  • SHA256

    d43224a19eff8b25663d534e7a3a6b8967e83732fbbf6e42a0adbdcffe582994

  • SHA512

    a6b3a8cb3f31f18b44f27471489caf2a1d984b03651a674d3114b9d7a7983208ec20e10959f70c35b835b8a7a592e98c501d958c4388f7ba64c052cdf3c7f5d7

  • SSDEEP

    768:uDM52tfQXi8vgLZkTOHkQT51Vp6AwPdM8gQ6JL/K9abdDKHGeWmqkySbuR/3ej7Z:u62tfQXi8vgLZkTOHkQT51Vp6AwPe8g2

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    https://famesa.com.ar/dos/gaa/

    https://www.fantasyclub.com.br/imgs/rggmVTfvT/

    http://ecoarch.com.tw/cgi-bin/vWW/

    https://dp-flex.co.jp/cgi-bin/Bt3Ycq5Tix/

    http://dharmacomunicacao.com.br/OLD/PjBkVBhUH/

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
