Overview

overview

10

Static

static

8

2390e1c6e5...ab.zip

windows7-x64

1

2390e1c6e5...ab.zip

windows10-2004-x64

1

a41dfd112f...d7.xls

windows7-x64

10

a41dfd112f...d7.xls

windows10-2004-x64

10

c3d71f860c...34.xls

windows7-x64

10

c3d71f860c...34.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2390e1c6e5620f5309acacba1522875762a6c18cb15bc5647d0d3e3f1de9f3ab

  • Size

    75KB

  • Sample

    241120-q5m3mayapn

  • MD5

    7eb4cbb52b993b7ab6f68d92b1445baf

  • SHA1

    798e77354762c66a5a5b297227c9694530322411

  • SHA256

    2390e1c6e5620f5309acacba1522875762a6c18cb15bc5647d0d3e3f1de9f3ab

  • SHA512

    f559968296eccc4458f35ddbde0ba0cb269377f149fe1ad9a072c975921fee3c97332eb37791be1520eb7aa74ef751b4747b81ffedf25108ae6d2f99baced769

  • SSDEEP

    1536:UBjHsDP/JdgaYZqhfnCUVxz2eiqulHQSQClwdEx7IbYWlB/7nX6iSElCU:U+x/NVxzniquFojddf/7KiSjU

Score
10/10
discoverymacroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://ewingconsulting.com/wp-includes/1sqrshC/
xlm40.dropper

http://www.llev.com.br/app/W2ehSSGWXTBpOf/
xlm40.dropper

http://digital21.cl/genchile/Pp1LDfwHR0IJPWHpq3R/
xlm40.dropper

http://nellydwiputri.co.id/images/lZfuoNe2vyr/

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://zonainformatica.es/aspnet_client/n0ULlfoAHHQh9tagckL/
xlm40.dropper

https://napolni.me/3r/ILq7TqCUS/
xlm40.dropper

http://sigratech.de/career/sRpMMHief7H/
xlm40.dropper

http://webbandi.hu/image/Ifm98UCtROXr/

Targets

    • Target

      2390e1c6e5620f5309acacba1522875762a6c18cb15bc5647d0d3e3f1de9f3ab

    • Size

      75KB

    • MD5

      7eb4cbb52b993b7ab6f68d92b1445baf

    • SHA1

      798e77354762c66a5a5b297227c9694530322411

    • SHA256

      2390e1c6e5620f5309acacba1522875762a6c18cb15bc5647d0d3e3f1de9f3ab

    • SHA512

      f559968296eccc4458f35ddbde0ba0cb269377f149fe1ad9a072c975921fee3c97332eb37791be1520eb7aa74ef751b4747b81ffedf25108ae6d2f99baced769

    • SSDEEP

      1536:UBjHsDP/JdgaYZqhfnCUVxz2eiqulHQSQClwdEx7IbYWlB/7nX6iSElCU:U+x/NVxzniquFojddf/7KiSjU

    Score
    1/10
    behavioral1behavioral2

    • Target

      a41dfd112fed7df825f4863b94e168d7.xls

    • Size

      94KB

    • MD5

      a41dfd112fed7df825f4863b94e168d7

    • SHA1

      bd249e289dc3189a3709dd038c06ae428fdbf3f6

    • SHA256

      487ec96355ff0dcffde022991ef51d52afdaab2901a80c3fe2a25b3a56dcbc7d

    • SHA512

      df0993c926a3e11923d0161d6c7f5f30280fc862424ac2d79c20e53df95845848661a55484aa122ccb4b772d58b4b2237aa7d594b6f827afe8d8090f5487a4ee

    • SSDEEP

      1536:NFKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgiHuS4hcTO97v7UYdEJmFCu:3Kpb8rGYrMPe3q7Q0XV5xtezEsi8/dgj

    Score
    10/10
    discovery

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral3behavioral4

    • Target

      c3d71f860c941fb9a4a16f5b1ebf0c34.xls

    • Size

      95KB

    • MD5

      c3d71f860c941fb9a4a16f5b1ebf0c34

    • SHA1

      f00ce3f1fb55634b64a53caa3a4c4388729c05dc

    • SHA256

      200f8456509d6f70d23e575dbd09ed7de6d88ce5ca0c319f3ff98eeb94813277

    • SHA512

      d46b2223cf4a848fdca7773a0a4b7117f4a268c4662abbc4689b39b9279fce6e02a6a6125c0642e0172033b44ddbe923fc07d06fae86853afa25910768b668d8

    • SSDEEP

      1536:PFKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgg5HuS4hcTO97v7UYdEJmeA:tKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgt

    Score
    10/10
    discovery

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral5behavioral6

MITRE ATT&CK Enterprise v15

Tasks