Overview

overview

10

Static

static

8

aa8753316f...e6.xls

windows7-x64

10

aa8753316f...e6.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    aa8753316fda5e42493330320a9b4362216133a07bb821015fc91d29f5682ee6

  • Size

    47KB

  • Sample

    241120-s98agatmam

  • MD5

    1c3589a86a5f35bd3e5feccc12c4eecf

  • SHA1

    6d98d49773b579421e2cf0218e1df579d41f1f4a

  • SHA256

    aa8753316fda5e42493330320a9b4362216133a07bb821015fc91d29f5682ee6

  • SHA512

    5a4b914ab185ff87d97435f619c0f56231a3bb35702ca915560dc77c450f358e41b470fab37594c52eae244bb26bc66f2b47b2fd14dad1e432c5580992c83744

  • SSDEEP

    768:yDM52tfQXi8vgLZkTOHkQT51Vp6AwPdM8gQ6JOiX6DGwUk7qHDSEuRZjiBp5D:y62tfQXi8vgLZkTOHkQT51Vp6AwPe8gR

Score
10/10
discoverymacroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://eleselektromekanik.com/69Iq5Pwbd0/s/
xlm40.dropper

https://demo.icn.com.np/stories/Qk/
xlm40.dropper

http://demo34.ckg.hk/service/Atk7RQfUV673M/
xlm40.dropper

https://bitmovil.mx/css/TrgyPiTXy3/
xlm40.dropper

http://dupot.cz/tvhost/DUnMUvwZOhQs/
xlm40.dropper

http://focanainternet.com.br/erros/DepAK3p1Y/

Targets

    • Target

      aa8753316fda5e42493330320a9b4362216133a07bb821015fc91d29f5682ee6

    • Size

      47KB

    • MD5

      1c3589a86a5f35bd3e5feccc12c4eecf

    • SHA1

      6d98d49773b579421e2cf0218e1df579d41f1f4a

    • SHA256

      aa8753316fda5e42493330320a9b4362216133a07bb821015fc91d29f5682ee6

    • SHA512

      5a4b914ab185ff87d97435f619c0f56231a3bb35702ca915560dc77c450f358e41b470fab37594c52eae244bb26bc66f2b47b2fd14dad1e432c5580992c83744

    • SSDEEP

      768:yDM52tfQXi8vgLZkTOHkQT51Vp6AwPdM8gQ6JOiX6DGwUk7qHDSEuRZjiBp5D:y62tfQXi8vgLZkTOHkQT51Vp6AwPe8gR

    Score
    10/10
    discovery

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks