General

  • Target

    782ca60048a212cd4aa97f13c43a6f685a4b7f19158ee83cc45f1d4a99b3cda1

  • Size

    56KB

  • Sample

    241120-w7glhs1amh

  • MD5

    4597867f7e13ed3b27971c8772cf2683

  • SHA1

    f6c79de5edbab3320737f251978e53b3f74c7db6

  • SHA256

    782ca60048a212cd4aa97f13c43a6f685a4b7f19158ee83cc45f1d4a99b3cda1

  • SHA512

    3ed9db0b36695b66369352e030c088e4706f5406d10d4456dffa7fe74affd1ac6c4ac2c56671142fcdfc25cf2defa1e8aa66d427256bc5dda22c56c0fd213b3d

  • SSDEEP

    1536:VsKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg/5G9XSZ4umvf:aKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgM

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://church.ktc-center.net/PbSkdCOW/

xlm40.dropper

https://chobemaster.com/components/gus/

xlm40.dropper

https://christianchapman.com/cgi-bin/gADHL9UXSFUTN/

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
