General

  • Target

    e576f0c7269ef35345bf29f4b41befc59dc77e7fecc15d7c2ab4482dabd64aeb

  • Size

    51KB

  • Sample

    241120-ntwjhswhqq

  • MD5

    001a854759f62534729f26efa86167b7

  • SHA1

    af70c6a858c2bbd757b4016a9a63511e15dc08b4

  • SHA256

    e576f0c7269ef35345bf29f4b41befc59dc77e7fecc15d7c2ab4482dabd64aeb

  • SHA512

    cacf910ca6b62b423565753a4f05214d760161b8ae4b3ccc3a43f455f66d899e869a9d132be9625b1d4ec62c283cddc46416232b3b21dc47e3467002f7af3603

  • SSDEEP

    1536:ORKpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+/43SaT3h86rdKRFvo:UKpb8rGYrMPe3q7Q0XV5xtezE8vG8UM5

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source / URLs

    xlm40.dropper    https://bsprabodhini.org/content/BwV8Kq1EUUT5mlon5MD/
    xlm40.dropper    https://bb2play.com/wzzx/VcaXG4LsR7mOWebAI/
    xlm40.dropper    http://futaba.youchien.net/wp-content/AJ0vdv/
    xlm40.dropper    http://www.crazy97.com/wp-includes/VRppRwDg2dBW2NcQASF/
    xlm40.dropper    http://46.4.78.202/wp-content/xOvCgoYFAIVjwy6I/
    xlm40.dropper    http://britainsolicitors.com/wp-admin/2ysGFKDbYP5sJB0Xg/

Targets

    • Target

      e576f0c7269ef35345bf29f4b41befc59dc77e7fecc15d7c2ab4482dabd64aeb

    • Size

      51KB

    • MD5

      001a854759f62534729f26efa86167b7

    • SHA1

      af70c6a858c2bbd757b4016a9a63511e15dc08b4

    • SHA256

      e576f0c7269ef35345bf29f4b41befc59dc77e7fecc15d7c2ab4482dabd64aeb

    • SHA512

      cacf910ca6b62b423565753a4f05214d760161b8ae4b3ccc3a43f455f66d899e869a9d132be9625b1d4ec62c283cddc46416232b3b21dc47e3467002f7af3603

    • SSDEEP

      1536:ORKpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+/43SaT3h86rdKRFvo:UKpb8rGYrMPe3q7Q0XV5xtezE8vG8UM5

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v15

Tasks