General

  • Target

    cc1dee8bdf1a5c906530e9488081e2d74abcf3175b0ae9b502bc9f75ac1c25dc

  • Size

    48KB

  • Sample

    241120-vdbbzayhre

  • MD5

    f38f3e50b7d692408660aa732637b976

  • SHA1

    0d86d5cea319ad250880769036e71889c7d92a05

  • SHA256

    cc1dee8bdf1a5c906530e9488081e2d74abcf3175b0ae9b502bc9f75ac1c25dc

  • SHA512

    88f5117d15008f6f6e7ad80d1aa0cfec2e37127c86a58a44ddc5335ae851b9274b41cb5c8266fdfdb87c54d411da8340422faa6970105371dd9480dc7648a338

  • SSDEEP

    768:uDM52tfQXi8vgLZkTOHkQT51Vp6AwPdM8gQ6JL/K9abdDKHGeWmqkySbuR/3ej79:u62tfQXi8vgLZkTOHkQT51Vp6AwPe8gy

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    URLs (xlm40.dropper)

    • https://famesa.com.ar/dos/gaa/

    • https://www.fantasyclub.com.br/imgs/rggmVTfvT/

    • http://ecoarch.com.tw/cgi-bin/vWW/

    • https://dp-flex.co.jp/cgi-bin/Bt3Ycq5Tix/

    • http://dharmacomunicacao.com.br/OLD/PjBkVBhUH/

Targets

    • Target

      cc1dee8bdf1a5c906530e9488081e2d74abcf3175b0ae9b502bc9f75ac1c25dc

    • Size

      48KB

    • MD5

      f38f3e50b7d692408660aa732637b976

    • SHA1

      0d86d5cea319ad250880769036e71889c7d92a05

    • SHA256

      cc1dee8bdf1a5c906530e9488081e2d74abcf3175b0ae9b502bc9f75ac1c25dc

    • SHA512

      88f5117d15008f6f6e7ad80d1aa0cfec2e37127c86a58a44ddc5335ae851b9274b41cb5c8266fdfdb87c54d411da8340422faa6970105371dd9480dc7648a338

    • SSDEEP

      768:uDM52tfQXi8vgLZkTOHkQT51Vp6AwPdM8gQ6JL/K9abdDKHGeWmqkySbuR/3ej79:u62tfQXi8vgLZkTOHkQT51Vp6AwPe8gy

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v15

Tasks