General

  • Target

    adf45c0ccad78dbf11bb40039201a4e7acf5d8c75854b3c7a25b0584e55eef23

  • Size

    48KB

  • Sample

    241120-pgp2mswqgt

  • MD5

    e75842e22ecb23895a09785cd86dbeb3

  • SHA1

    e6adf9e8eecc94ceb288b93f1d5322cbae1faad1

  • SHA256

    adf45c0ccad78dbf11bb40039201a4e7acf5d8c75854b3c7a25b0584e55eef23

  • SHA512

    b543621e13a015741db717daf435ab9b18371cc997d69576470181a23704b30045918661b751e03b644cb6a38433a7bf554af6696483e06c3fd50f7d897aac7c

  • SSDEEP

    768:uDM52tfQXi8vgLZkTOHkQT51Vp6AwPdM8gQ6JL/K9abdDKHGeWmqkySbuR/3ej7J:u62tfQXi8vgLZkTOHkQT51Vp6AwPe8gG

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source / URLs

    xlm40.dropper: https://famesa.com.ar/dos/gaa/
    xlm40.dropper: https://www.fantasyclub.com.br/imgs/rggmVTfvT/
    xlm40.dropper: http://ecoarch.com.tw/cgi-bin/vWW/
    xlm40.dropper: https://dp-flex.co.jp/cgi-bin/Bt3Ycq5Tix/
    xlm40.dropper: http://dharmacomunicacao.com.br/OLD/PjBkVBhUH/

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v15
