General

  • Target

    535db8778a709bec57e7ac0caa1ecf1e2e685d19882af87f38a619a3e30df137

  • Size

    48KB

  • Sample

    241120-q9ypxsxdlc

  • MD5

    be4fd20947eef2ab8c02d09ff7c9840b

  • SHA1

    499b85913ba0600b00f2622886ec07fc32ea1975

  • SHA256

    535db8778a709bec57e7ac0caa1ecf1e2e685d19882af87f38a619a3e30df137

  • SHA512

    ad6adc7fa811a9c17e77a5c494a35443c784a4490f3e1ffc49f368ad3f2ba31b03b77dfb3875be87a1152dde777283ec7f90c65b9e25d9e2a50537ef4d569369

  • SSDEEP

    768:uDM52tfQXi8vgLZkTOHkQT51Vp6AwPdM8gQ6JL/K9abdDKHGeWmqkySbuR/3ej7d:u62tfQXi8vgLZkTOHkQT51Vp6AwPe8gS

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    https://famesa.com.ar/dos/gaa/
    https://www.fantasyclub.com.br/imgs/rggmVTfvT/
    http://ecoarch.com.tw/cgi-bin/vWW/
    https://dp-flex.co.jp/cgi-bin/Bt3Ycq5Tix/
    http://dharmacomunicacao.com.br/OLD/PjBkVBhUH/

Targets

    • Target

      535db8778a709bec57e7ac0caa1ecf1e2e685d19882af87f38a619a3e30df137

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
