General

  • Target

    8787c0145dd3f55caf719d92b71057e3f061a47860510991563021812b47fc74

  • Size

    63KB

  • Sample

    241120-nfpttazrfk

  • MD5

    7c22e6aa4e01118efdb1ddf5220e60b1

  • SHA1

    7cd971156c45b8671f374b73cbd6cf9af1a48c0f

  • SHA256

    8787c0145dd3f55caf719d92b71057e3f061a47860510991563021812b47fc74

  • SHA512

    620e47c5b12d66ec7a10b47095ae5be87d09a098dcadb708bdcdfe7380605e5dd998e790e086a8b80dc9989e7e2d7fe64e9dbb16b9fc365f20c741a9eb5d9774

  • SSDEEP

    1536:dpKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg9HuS4VcTO9/r7UYdEJe5o1/:bKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgP

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    https://www.careofu.com/PHPExcel/sQ78BedribNJZbGYj/
    https://cedeco.es/js/n74fS/
    http://balticcontrolbd.com/cgi-bin/Gu0xno0kIssGJF8/
    https://fikti.bem.gunadarma.ac.id/SDM/qNeMUe2RvxdvuRlf/

Targets

    • Target

      8787c0145dd3f55caf719d92b71057e3f061a47860510991563021812b47fc74

    • Size

      63KB

    • MD5

      7c22e6aa4e01118efdb1ddf5220e60b1

    • SHA1

      7cd971156c45b8671f374b73cbd6cf9af1a48c0f

    • SHA256

      8787c0145dd3f55caf719d92b71057e3f061a47860510991563021812b47fc74

    • SHA512

      620e47c5b12d66ec7a10b47095ae5be87d09a098dcadb708bdcdfe7380605e5dd998e790e086a8b80dc9989e7e2d7fe64e9dbb16b9fc365f20c741a9eb5d9774

    • SSDEEP

      1536:dpKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg9HuS4VcTO9/r7UYdEJe5o1/:bKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgP

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
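The two things this report gives a defender are the four dropper URLs in the extracted config and the behavioural signature that Excel spawned a child it normally would not. The following is an added example (not part of the sandbox report or its tooling) that turns both into a detection pass over process-creation, DNS and network events. The event lines are constructed in a Sysmon-like tab-separated Key=Value form; the report does not name the child process, so regsvr32.exe in the sample is an assumption, as are the Office parent list and the small allowlist of expected children, which a real deployment would tune to its own baseline.

```python
"""Flag Office parents spawning unexpected children and contacts to the dropper hosts.

Added example, not code from the sandbox report. Event format, process names
and the allowlist below are assumptions; the URLs are the four from the report.
"""
from urllib.parse import urlparse

# The four URLs from the report's extracted xlm40.dropper config.
DROPPER_URLS = [
    "https://www.careofu.com/PHPExcel/sQ78BedribNJZbGYj/",
    "https://cedeco.es/js/n74fS/",
    "http://balticcontrolbd.com/cgi-bin/Gu0xno0kIssGJF8/",
    "https://fikti.bem.gunadarma.ac.id/SDM/qNeMUe2RvxdvuRlf/",
]

# Assumed: Office hosts whose children deserve scrutiny.
OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}
# Assumed baseline of children an Office app legitimately spawns; tune per fleet.
EXPECTED_CHILDREN = {"splwow64.exe", "msosync.exe", "officeclicktorun.exe"}


def dropper_hosts(urls):
    """Hostnames to watch, derived from the dropper URLs."""
    return {urlparse(u).hostname.lower() for u in urls}


def parse_event(line):
    """Parse one tab-separated 'Key=Value' event line into a dict."""
    fields = {}
    for token in line.split("\t"):
        key, _, value = token.partition("=")
        fields[key] = value
    return fields


def image_name(path):
    """Lower-cased file name taken from a Windows image path."""
    return path.rsplit("\\", 1)[-1].lower()


def check_event(fields, hosts):
    """Return a finding string for one event, or None if it is benign."""
    eid = fields.get("EventID")
    if eid == "1":  # process creation: Office parent with a non-baseline child
        parent = image_name(fields.get("ParentImage", ""))
        child = image_name(fields.get("Image", ""))
        if parent in OFFICE_PARENTS and child not in EXPECTED_CHILDREN:
            return f"unexpected child: {parent} -> {child}"
    elif eid == "3":  # network connection to a known dropper host
        host = fields.get("DestinationHostname", "").lower()
        if host in hosts:
            return f"connection to dropper host: {host}"
    elif eid == "22":  # DNS query for a known dropper host
        name = fields.get("QueryName", "").lower()
        if name in hosts:
            return f"DNS lookup of dropper host: {name}"
    return None


def scan(lines, urls=DROPPER_URLS):
    """Run every event through check_event and collect the findings in order."""
    hosts = dropper_hosts(urls)
    findings = []
    for line in lines:
        finding = check_event(parse_event(line), hosts)
        if finding:
            findings.append(finding)
    return findings


# Constructed sample events (not from the report); paths kept space-free for the
# tab-separated format. Only the regsvr32 spawn and the two dropper-host contacts
# should be flagged.
SAMPLE_EVENTS = [
    "EventID=1\tImage=C:\\Windows\\System32\\splwow64.exe\tParentImage=C:\\Office16\\EXCEL.EXE",
    "EventID=1\tImage=C:\\Windows\\System32\\regsvr32.exe\tParentImage=C:\\Office16\\EXCEL.EXE",
    "EventID=22\tQueryName=www.careofu.com\tImage=C:\\Office16\\EXCEL.EXE",
    "EventID=3\tDestinationHostname=cedeco.es\tDestinationPort=443\tImage=C:\\Office16\\EXCEL.EXE",
    "EventID=3\tDestinationHostname=update.example.com\tDestinationPort=443\tImage=C:\\Office16\\EXCEL.EXE",
    "EventID=1\tImage=C:\\Office16\\EXCEL.EXE\tParentImage=C:\\Windows\\explorer.exe",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

The parent/child check is deliberately an allowlist rather than a list of bad children: an XLM 4.0 macro can launch almost any binary, so enumerating known-bad names (cmd, regsvr32, rundll32, mshta) leaves gaps, whereas the set of children Excel legitimately starts is small and stable. The host match is exact on hostname, so the four URLs should be added to your indicator store as both full URLs and bare hostnames.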

MITRE ATT&CK Enterprise v15

Tasks