Overview

overview

10

Static

static

8

cd844326e1...eb.xls

windows7-x64

10

cd844326e1...eb.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cd844326e12de9e7c72f7f49c3bd0beabbbe849e6cdc98ea3d48a569676040eb

  • Size

    96KB

  • Sample

    241120-xr1vws1dpb

  • MD5

    4481d2a29a13e1749116839b169268bf

  • SHA1

    a0a76f9d961b989b309492f28110b2a9757144d0

  • SHA256

    cd844326e12de9e7c72f7f49c3bd0beabbbe849e6cdc98ea3d48a569676040eb

  • SHA512

    0357f9de85b3faf43411170abb6ec6b663026810cab54867301c78d4b1e172cea7680138808e673302f1249ce88ba3e58a9203b283f7d0635618822d074763d9

  • SSDEEP

    1536:7kKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg2HuS4hcTO97v7UYdEJmQ:IKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg8

Score
10/10
discoverymacroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://atperson.com/campusvirtual/EOgFGo17w/
xlm40.dropper

https://eliteturismo.com/phpmailer-old/dafdBxQONtk5Uf9dxll/
xlm40.dropper

http://atici.net/c/JDFDBMIz/
xlm40.dropper

http://domesticuif.co.za/libraries/nbnH9dpd/

Targets

    • Target

      cd844326e12de9e7c72f7f49c3bd0beabbbe849e6cdc98ea3d48a569676040eb

    • Size

      96KB

    • MD5

      4481d2a29a13e1749116839b169268bf

    • SHA1

      a0a76f9d961b989b309492f28110b2a9757144d0

    • SHA256

      cd844326e12de9e7c72f7f49c3bd0beabbbe849e6cdc98ea3d48a569676040eb

    • SHA512

      0357f9de85b3faf43411170abb6ec6b663026810cab54867301c78d4b1e172cea7680138808e673302f1249ce88ba3e58a9203b283f7d0635618822d074763d9

    • SSDEEP

      1536:7kKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg2HuS4hcTO97v7UYdEJmQ:IKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg8

    Score
    10/10
    discovery

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks