General

  • Target

    b0225b8155b48e748206bd1d51dcf8ef239900726cddf604dc04aff4079502e8

  • Size

    63KB

  • Sample

    241120-nsq8eawnaz

  • MD5

    9f9395689992bce448582cb2571d70f0

  • SHA1

    93bc4d1adc82b4610318e14172a2a82988a6d02b

  • SHA256

    b0225b8155b48e748206bd1d51dcf8ef239900726cddf604dc04aff4079502e8

  • SHA512

    1d25d9e9d142d3dfe57b6a829bb5bf0b375a076954f3b48519f80da9f85ea70acaff236b0bf5aabdc8b8adb844c4c8149f7f863307180bf03cc6d0ba7034c304

  • SSDEEP

    1536:dpKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg9HuS4VcTO9/r7UYdEJe5ot/:bKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgn

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    URLs

  • Extracted URLs (xlm40.dropper)

    xlm40.dropper: https://www.careofu.com/PHPExcel/sQ78BedribNJZbGYj/

    xlm40.dropper: https://cedeco.es/js/n74fS/

    xlm40.dropper: http://balticcontrolbd.com/cgi-bin/Gu0xno0kIssGJF8/

    xlm40.dropper: https://fikti.bem.gunadarma.ac.id/SDM/qNeMUe2RvxdvuRlf/

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v15