Overview

overview

10

Static

static

8

0bb8cb14c3...ea.xls

windows7-x64

10

0bb8cb14c3...ea.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0bb8cb14c33b113b67ad0307cbf5a81e8beaa57d50253f6b556730dc6bc607ea

  • Size

    70KB

  • Sample

    241120-xk1asa1ngx

  • MD5

    77456b768c15d9ba0cb52e757c353532

  • SHA1

    cf5ef1597896e64d2b98dffd64b293550c9f2e20

  • SHA256

    0bb8cb14c33b113b67ad0307cbf5a81e8beaa57d50253f6b556730dc6bc607ea

  • SHA512

    d081b7a0839aa406f8ead7262734833ebf8131ae0b4cf2a6c50276a9a04f44e1ef2114d06a4846ff2e5ba439bec2c5b9e24f67420cca48dd9b6dcd69205d4f31

  • SSDEEP

    1536:OhKpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+e+hDcnTLiQrRTZws8Eg0:uKpb8rGYrMPe3q7Q0XV5xtezE8vG8UMh

Score
10/10
discoverymacroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://strachanclark.com/images/3gc4qCpSFYbBMDEC/
xlm40.dropper

https://synapse-archive.com/images/bKaMr/
xlm40.dropper

https://sumuvesa.com/wp-includes/rgL/

Targets

    • Target

      0bb8cb14c33b113b67ad0307cbf5a81e8beaa57d50253f6b556730dc6bc607ea

    • Size

      70KB

    • MD5

      77456b768c15d9ba0cb52e757c353532

    • SHA1

      cf5ef1597896e64d2b98dffd64b293550c9f2e20

    • SHA256

      0bb8cb14c33b113b67ad0307cbf5a81e8beaa57d50253f6b556730dc6bc607ea

    • SHA512

      d081b7a0839aa406f8ead7262734833ebf8131ae0b4cf2a6c50276a9a04f44e1ef2114d06a4846ff2e5ba439bec2c5b9e24f67420cca48dd9b6dcd69205d4f31

    • SSDEEP

      1536:OhKpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+e+hDcnTLiQrRTZws8Eg0:uKpb8rGYrMPe3q7Q0XV5xtezE8vG8UMh

    Score
    10/10
    discovery

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks