General

  • Target: b4c944aae926eca8579970763d5ad5936634971f6609fbf544fde331687f0639
  • Size: 47KB
  • Sample: 241120-q1t1daskdm
  • MD5: bcfc1fad95adbf36fc4549fa72bebe8b
  • SHA1: 01e4bf2fa38064121bdca1ebb084a990e8905a9c
  • SHA256: b4c944aae926eca8579970763d5ad5936634971f6609fbf544fde331687f0639
  • SHA512: 6ef8dfe1c7827bf00c7ba94e7225ec01cfafc34eb4db626a989f2bf85771cc052135af03484093b96f0fdb444e006a584577159e7acf5853d381717561d300a8
  • SSDEEP: 768:yDM52tfQXi8vgLZkTOHkQT51Vp6AwPdM8gQ6JOiX6DGwUk7qHDSEuRZjiBp5j:y62tfQXi8vgLZkTOHkQT51Vp6AwPe8gx

Score
10/10

Malware Config

Extracted

  • Language: xlm4.0
  • Source: xlm40.dropper
  • URLs (extracted from the xlm40.dropper config):

    https://eleselektromekanik.com/69Iq5Pwbd0/s/
    https://demo.icn.com.np/stories/Qk/
    http://demo34.ckg.hk/service/Atk7RQfUV673M/
    https://bitmovil.mx/css/TrgyPiTXy3/
    http://dupot.cz/tvhost/DUnMUvwZOhQs/
    http://focanainternet.com.br/erros/DepAK3p1Y/

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
