General

  • Target: ac6e3aaa1362c0d90a2f8579ece2bb2f8c3ed2cedef0a86bee2be24d1326944c
  • Size: 45KB
  • Sample: 241120-z4a64stlfy
  • MD5: 22f178981be291f958252d6cb08e2114
  • SHA1: 6dea36cf90c21d32bffd6c050abba896f3e87f7f
  • SHA256: ac6e3aaa1362c0d90a2f8579ece2bb2f8c3ed2cedef0a86bee2be24d1326944c
  • SHA512: e7b4ca1570ae8021b0d2957328ca3969c81127200daa0b69ff6d58e7f8ead5bacd38672bcbf7fb635bc3857660a754016864af9d1c2ea4f58b76e76ef4f12822
  • SSDEEP: 768:bkPKpb8rGYrMPe3q7Q0XV5xtezEs/68/dgAPVdtWgojJcFDqCRt6vuVUeJlZ:bsKpb8rGYrMPe3q7Q0XV5xtezEsi8/dB

Score
10/10

Malware Config

Extracted

  • Language: xlm4.0
  • Source: URLs
  • xlm40.dropper: https://fpd.cl/cgi-bin/83E0xgTMc/
  • xlm40.dropper: https://el-energiaki.gr/wp-content/plugins/really-simple-ssl/testssl/serverport443/WUV5PJA/
  • xlm40.dropper: https://www.manchesterslt.co.uk/a-to-z-of-slt/Ntrci3Ry/
  • xlm40.dropper: http://contactworks.nl/layouts/fFxKZabh/
  • xlm40.dropper: http://baykusoglu.com.tr/wp-admin/Y3sRBcOfZ34wg2sO/

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
