Overview

overview

10

Static

static

8

1cd7290b27...c5.xls

windows7-x64

10

1cd7290b27...c5.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1cd7290b27309bd0f73c33b824d6a224b77b33e30fca64425e384ff5a6bb4cc5

  • Size

    45KB

  • Sample

    241120-qf96vs1raq

  • MD5

    f319e3a15e736a0e27c33e2567180c78

  • SHA1

    cf1d93c856520144417023f1ba14f6f3a473ba86

  • SHA256

    1cd7290b27309bd0f73c33b824d6a224b77b33e30fca64425e384ff5a6bb4cc5

  • SHA512

    452fa23abf2efc351f448595eabc7bbdf3765514a4f6374d93f6c59a6e8a48c2b3f86293124364a393aa84f01ce7a38cf895751e8907e19f61617f461240c41c

  • SSDEEP

    768:bkPKpb8rGYrMPe3q7Q0XV5xtezEs/68/dgAPVdtWgojJcFDqCRt6vuVUeJlV:bsKpb8rGYrMPe3q7Q0XV5xtezEsi8/d9

Score
10/10
discoverymacroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://fpd.cl/cgi-bin/83E0xgTMc/
xlm40.dropper

https://el-energiaki.gr/wp-content/plugins/really-simple-ssl/testssl/serverport443/WUV5PJA/
xlm40.dropper

https://www.manchesterslt.co.uk/a-to-z-of-slt/Ntrci3Ry/
xlm40.dropper

http://contactworks.nl/layouts/fFxKZabh/
xlm40.dropper

http://baykusoglu.com.tr/wp-admin/Y3sRBcOfZ34wg2sO/

Targets

    • Target

      1cd7290b27309bd0f73c33b824d6a224b77b33e30fca64425e384ff5a6bb4cc5

    • Size

      45KB

    • MD5

      f319e3a15e736a0e27c33e2567180c78

    • SHA1

      cf1d93c856520144417023f1ba14f6f3a473ba86

    • SHA256

      1cd7290b27309bd0f73c33b824d6a224b77b33e30fca64425e384ff5a6bb4cc5

    • SHA512

      452fa23abf2efc351f448595eabc7bbdf3765514a4f6374d93f6c59a6e8a48c2b3f86293124364a393aa84f01ce7a38cf895751e8907e19f61617f461240c41c

    • SSDEEP

      768:bkPKpb8rGYrMPe3q7Q0XV5xtezEs/68/dgAPVdtWgojJcFDqCRt6vuVUeJlV:bsKpb8rGYrMPe3q7Q0XV5xtezEsi8/d9

    Score
    10/10
    discovery

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks