General

  • Target

    c2dc5d6b24b9fb28c9a5a78ba39c9cf014a19ca91c2ab6d0277ef24f7b599e51

  • Size

    22KB

  • Sample

    241120-pyxstawgqh

  • MD5

    c6a9634398d3d9dc1a154b79180fa933

  • SHA1

    e0dc0a4eb6cb8a7ca0d3322e84001828cf212786

  • SHA256

    c2dc5d6b24b9fb28c9a5a78ba39c9cf014a19ca91c2ab6d0277ef24f7b599e51

  • SHA512

    0939872b5cbacf2b4fadc8664957224cf7ee11c8d329212c4b0366b06c5b18d32cf45847182fd0c373793dc5e93b3e1e2b2e7557febd8c18b7b1bc14d73b0ad9

  • SSDEEP

    384:qt/QKIPcvvi1/eOrQ8cmihVvTx3S8G9BMuh+pSPtzVxfEJW92+TY9cSuJr1L1z8O:qtXIPSvW/VE8gVN3SBB/h+pSFZ2JWcFO

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs

Targets

    • Target

      payments 25-03-2022_0907.xls

    • Size

      55KB

    • MD5

      78bd82f71a2bc8316fecd05b3cea8244

    • SHA1

      d898b2a7e9977411330c81836faa0f3c81f61c9a

    • SHA256

      2872574e90c90677a662e98f95aa608d8a648e46562c27d2c2bc700645d76ff3

    • SHA512

      8f36958884785ce39ce1cf688519e7ba3c2f5aebd8afa4b66b78d00b81ff282cfead382b2be1a88f2361905d64768b47438057b6ee338403f4f0806d180d9897

    • SSDEEP

      1536:ojKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgY5G9XSZAehUXepUNUDph:+Kpb8rGYrMPe3q7Q0XV5xtezEsi8/dg0

    Score
    10/10
