Overview

overview

10

Static

static

8

e978ecdff4...7e.xls

windows7-x64

10

e978ecdff4...7e.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e978ecdff464d7ad8211e8f79259766fc8c14cb98424d3fdd10fd77d8ee4967e

  • Size

    80KB

  • Sample

    241120-pqdd7swrgx

  • MD5

    19ade16f02996878f0a6ed56e4d777b4

  • SHA1

    79a95c8d35775ed5467a719796f225d760948f35

  • SHA256

    e978ecdff464d7ad8211e8f79259766fc8c14cb98424d3fdd10fd77d8ee4967e

  • SHA512

    f3e3f4bc3d73be970f160eb59a961dcf4f53fb5d0257da82b5387eb4681a0d1e4708de169402c18a8c55f256ea6736afed19e670282320785875a3aa26da18b8

  • SSDEEP

    1536:ROOKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgFQHuS4VcTO9/r7UYdEJeFq:RBKpb8rGYrMPe3q7Q0XV5xtezEsi8/dH

Score
10/10
discoverymacroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://beeslandkerman.ir/XPFvBDrNkT/lUkOx4VAOizId7u/
xlm40.dropper

http://cerdi.com/_derived/J4Fu7VmGZQ7rGA/
xlm40.dropper

https://www.chasingmavericks.co.ke/agendaafrikadebates.co.ke/QznOFMKV9R/
xlm40.dropper

http://bsbmakina.com.tr/logo/eVWaAWm/

Targets

    • Target

      e978ecdff464d7ad8211e8f79259766fc8c14cb98424d3fdd10fd77d8ee4967e

    • Size

      80KB

    • MD5

      19ade16f02996878f0a6ed56e4d777b4

    • SHA1

      79a95c8d35775ed5467a719796f225d760948f35

    • SHA256

      e978ecdff464d7ad8211e8f79259766fc8c14cb98424d3fdd10fd77d8ee4967e

    • SHA512

      f3e3f4bc3d73be970f160eb59a961dcf4f53fb5d0257da82b5387eb4681a0d1e4708de169402c18a8c55f256ea6736afed19e670282320785875a3aa26da18b8

    • SSDEEP

      1536:ROOKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgFQHuS4VcTO9/r7UYdEJeFq:RBKpb8rGYrMPe3q7Q0XV5xtezEsi8/dH

    Score
    10/10
    discovery

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks