Overview

overview

10

Static

static

8

f4b558ed2d...ad.xls

windows7-x64

10

f4b558ed2d...ad.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f4b558ed2d3d7061a47277380eb22d57fd3ebd1ff339dceb1cfd58eb8d044bad

  • Size

    95KB

  • Sample

    241120-xc88qa1bqa

  • MD5

    80a4a339331e6edbe2efde77a87cc2e0

  • SHA1

    9ed2a841af1b5aea5fd1ab5df3d6b22df1e77e09

  • SHA256

    f4b558ed2d3d7061a47277380eb22d57fd3ebd1ff339dceb1cfd58eb8d044bad

  • SHA512

    b96bf9fb5937e5861194937200dca3d0f5e918fe851d0f90f304b93e0522eb57c76c3b687809036670435919b0bc306f0a0553fd9b7b49caa4dc77aace2fcaa3

  • SSDEEP

    1536:iFKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgYHuS4hcTO97v7UYdEJmFF2:cKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgo

Score
10/10
discoverymacroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://educacionsanvicentefundacion.com/iplookup/wYEInbaN/
xlm40.dropper

https://www.4monkeys.com/wp-admin/dNAuBEKo/
xlm40.dropper

http://haircutbar.com/cgi-bin/dNfEA5F/
xlm40.dropper

http://gedebey-tvradio.info/wp-includes/T0J9THbd5f2/

Targets

    • Target

      f4b558ed2d3d7061a47277380eb22d57fd3ebd1ff339dceb1cfd58eb8d044bad

    • Size

      95KB

    • MD5

      80a4a339331e6edbe2efde77a87cc2e0

    • SHA1

      9ed2a841af1b5aea5fd1ab5df3d6b22df1e77e09

    • SHA256

      f4b558ed2d3d7061a47277380eb22d57fd3ebd1ff339dceb1cfd58eb8d044bad

    • SHA512

      b96bf9fb5937e5861194937200dca3d0f5e918fe851d0f90f304b93e0522eb57c76c3b687809036670435919b0bc306f0a0553fd9b7b49caa4dc77aace2fcaa3

    • SSDEEP

      1536:iFKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgYHuS4hcTO97v7UYdEJmFF2:cKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgo

    Score
    10/10
    discovery

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks