Overview

overview

10

Static

static

8

e04be054f9...d0.xls

windows7-x64

10

e04be054f9...d0.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e04be054f98f2f07de342aa5522df6a18fff7044f1727461da769da5470b2fd0

  • Size

    45KB

  • Sample

    241120-t19mlszjgv

  • MD5

    255f7b25c43db07d7be08ff8c49298b6

  • SHA1

    39f1722e426ef062e8cb3b4920dd2bbdb23017c7

  • SHA256

    e04be054f98f2f07de342aa5522df6a18fff7044f1727461da769da5470b2fd0

  • SHA512

    f01abe9c9a4d485ec13a9e4091c21fc15eb7e696736ad02e50070bb2582dda3d42fed8051aca4fdc3834efd8b8c31d4328a17a09002605e618783b7ab2a54165

  • SSDEEP

    768:bkPKpb8rGYrMPe3q7Q0XV5xtezEs/68/dgAPVdtWgojJcFDqCRt6vuVUeJlp:bsKpb8rGYrMPe3q7Q0XV5xtezEsi8/dR

Score
10/10
discoverymacroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://fpd.cl/cgi-bin/83E0xgTMc/
xlm40.dropper

https://el-energiaki.gr/wp-content/plugins/really-simple-ssl/testssl/serverport443/WUV5PJA/
xlm40.dropper

https://www.manchesterslt.co.uk/a-to-z-of-slt/Ntrci3Ry/
xlm40.dropper

http://contactworks.nl/layouts/fFxKZabh/
xlm40.dropper

http://baykusoglu.com.tr/wp-admin/Y3sRBcOfZ34wg2sO/

Targets

    • Target

      e04be054f98f2f07de342aa5522df6a18fff7044f1727461da769da5470b2fd0

    • Size

      45KB

    • MD5

      255f7b25c43db07d7be08ff8c49298b6

    • SHA1

      39f1722e426ef062e8cb3b4920dd2bbdb23017c7

    • SHA256

      e04be054f98f2f07de342aa5522df6a18fff7044f1727461da769da5470b2fd0

    • SHA512

      f01abe9c9a4d485ec13a9e4091c21fc15eb7e696736ad02e50070bb2582dda3d42fed8051aca4fdc3834efd8b8c31d4328a17a09002605e618783b7ab2a54165

    • SSDEEP

      768:bkPKpb8rGYrMPe3q7Q0XV5xtezEs/68/dgAPVdtWgojJcFDqCRt6vuVUeJlp:bsKpb8rGYrMPe3q7Q0XV5xtezEsi8/dR

    Score
    10/10
    discovery

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks