General

  • Target

    4162c826b748a4ba98f96e9eaf0d1bfba377d5a7ef6812c75532ca97c1a40e6b

  • Size

    67KB

  • Sample

    241120-xlvrpa1crc

  • MD5

    e5a1a88f58290748fc1d8d3e21590e42

  • SHA1

    55856ab45615edcacaae7f2934865688f707adea

  • SHA256

    4162c826b748a4ba98f96e9eaf0d1bfba377d5a7ef6812c75532ca97c1a40e6b

  • SHA512

    21300e308e8369d9b29921019481efcd57bf12cf4563673d6175d5cb05f8f13badb32a9c251643322a5b9bdd7488bd70c394e00558abf650ec6dd90e6c7ece85

  • SSDEEP

    1536:nVKpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+u9s1a6YG2jzQ0viPvDNHhGtc:VKpb8rGYrMPe3q7Q0XV5xtezE8vG8UME

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source URLs (xlm40.dropper)

    • https://www.melisetotoaksesuar.com/catalog/controller/account/dqfKI/
    • http://elamurray.com/athletics-carnival-2018/3UTZYr9D9f/
    • http://masyuk.com/581voyze/MlX/
    • http://jr-software-web.net/aaabackupsqldb/11hYk3bHJ/

Targets

    • Target

      4162c826b748a4ba98f96e9eaf0d1bfba377d5a7ef6812c75532ca97c1a40e6b

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v15

Tasks