General

  • Target

    26945232c42add0072d308f4d29ebf627f16b94e6f1b11ea2ff8af75e97e9cd5

  • Size

    91KB

  • Sample

    241120-pb7z9swekf

  • MD5

    ce1499c2c4e3c2604d9bbbbed376ff10

  • SHA1

    3109fbd455cde1a8d6d2b6725999314214e6a913

  • SHA256

    26945232c42add0072d308f4d29ebf627f16b94e6f1b11ea2ff8af75e97e9cd5

  • SHA512

    db31606d728d1d2b1d615138a3f3092b935d559a77402902a6d0160f68cde58926641e1b987403d270534fdfcebeadfb6ee143bd00d1e5698bfacb395c3d491f

  • SSDEEP

    1536:wKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgGbCXuZH4gb4CEn9J4Z/Cs9o2:wKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgO

Score
10/10

Malware Config

Extracted

  Language: xlm4.0

  Source          URL
  xlm40.dropper   https://bosny.com/aspnet_client/R50QIOGjmvVlr/
  xlm40.dropper   http://navylin.com/autopoisonous/4fZQW/
  xlm40.dropper   http://asrani.garudaputih.com/nutabalong/bJYqoUIr99qNfoPDx/
  xlm40.dropper   http://db.rikaz.tech/lCx76IlkrBtEsqNFA7/zPYJzpOnzstNOiRHob/

Targets

    • Target

      26945232c42add0072d308f4d29ebf627f16b94e6f1b11ea2ff8af75e97e9cd5


    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v15

Tasks