Overview

overview

10

Static

static

8

eab7274f72...69.xls

windows7-x64

10

eab7274f72...69.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    eab7274f72e1fca77f571f4826ff5ee6704b862e1ad874cbdfa9fbc29f93f169

  • Size

    45KB

  • Sample

    241120-yexs5swpfj

  • MD5

    6ff7286d8e6d885ac2be7392973a4898

  • SHA1

    d412b403a40cfe9b94b81233e0e591c3433a80c2

  • SHA256

    eab7274f72e1fca77f571f4826ff5ee6704b862e1ad874cbdfa9fbc29f93f169

  • SHA512

    b5fb121a32fc4cec869f99e52b02ef24ad7dfa403fe6911ef1ddf8e89a9d4e15b95bc8c054ba10c356c84561121b39884dc83919d10a08aa3eb95aed1d0c950c

  • SSDEEP

    768:bkPKpb8rGYrMPe3q7Q0XV5xtezEs/68/dgAPVdtWgojJcFDqCRt6vuVUeJll:bsKpb8rGYrMPe3q7Q0XV5xtezEsi8/dN

Score
10/10
discoverymacroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://fpd.cl/cgi-bin/83E0xgTMc/
xlm40.dropper

https://el-energiaki.gr/wp-content/plugins/really-simple-ssl/testssl/serverport443/WUV5PJA/
xlm40.dropper

https://www.manchesterslt.co.uk/a-to-z-of-slt/Ntrci3Ry/
xlm40.dropper

http://contactworks.nl/layouts/fFxKZabh/
xlm40.dropper

http://baykusoglu.com.tr/wp-admin/Y3sRBcOfZ34wg2sO/

Targets

    • Target

      eab7274f72e1fca77f571f4826ff5ee6704b862e1ad874cbdfa9fbc29f93f169

    • Size

      45KB

    • MD5

      6ff7286d8e6d885ac2be7392973a4898

    • SHA1

      d412b403a40cfe9b94b81233e0e591c3433a80c2

    • SHA256

      eab7274f72e1fca77f571f4826ff5ee6704b862e1ad874cbdfa9fbc29f93f169

    • SHA512

      b5fb121a32fc4cec869f99e52b02ef24ad7dfa403fe6911ef1ddf8e89a9d4e15b95bc8c054ba10c356c84561121b39884dc83919d10a08aa3eb95aed1d0c950c

    • SSDEEP

      768:bkPKpb8rGYrMPe3q7Q0XV5xtezEs/68/dgAPVdtWgojJcFDqCRt6vuVUeJll:bsKpb8rGYrMPe3q7Q0XV5xtezEsi8/dN

    Score
    10/10
    discovery

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks