Overview

overview

10

Static

static

8

3b340212b8...ff.xls

windows7-x64

10

3b340212b8...ff.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3b340212b863324ef8c0228aff6bcb6c008ce08160c31d02c3b18b362e4f0bff

  • Size

    47KB

  • Sample

    241120-zes1masdrc

  • MD5

    0b96bcfb5376095b15ee29633feae05b

  • SHA1

    94241c3bdc25b33d595ec38c2132be0ffc2d41a0

  • SHA256

    3b340212b863324ef8c0228aff6bcb6c008ce08160c31d02c3b18b362e4f0bff

  • SHA512

    b6841d24ff52cde810babf185c929657b727e205270f157c9413a44d2646053827e3cdc9a8e000b8d011f53feddc021228383fd178007332d70c0a92eabadfa2

  • SSDEEP

    768:yDM52tfQXi8vgLZkTOHkQT51Vp6AwPdM8gQ6JOiX6DGwUk7qHDSEuRZjiBp5H:y62tfQXi8vgLZkTOHkQT51Vp6AwPe8gV

Score
10/10
discoverymacroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://eleselektromekanik.com/69Iq5Pwbd0/s/
xlm40.dropper

https://demo.icn.com.np/stories/Qk/
xlm40.dropper

http://demo34.ckg.hk/service/Atk7RQfUV673M/
xlm40.dropper

https://bitmovil.mx/css/TrgyPiTXy3/
xlm40.dropper

http://dupot.cz/tvhost/DUnMUvwZOhQs/
xlm40.dropper

http://focanainternet.com.br/erros/DepAK3p1Y/

Targets

    • Target

      3b340212b863324ef8c0228aff6bcb6c008ce08160c31d02c3b18b362e4f0bff

    • Size

      47KB

    • MD5

      0b96bcfb5376095b15ee29633feae05b

    • SHA1

      94241c3bdc25b33d595ec38c2132be0ffc2d41a0

    • SHA256

      3b340212b863324ef8c0228aff6bcb6c008ce08160c31d02c3b18b362e4f0bff

    • SHA512

      b6841d24ff52cde810babf185c929657b727e205270f157c9413a44d2646053827e3cdc9a8e000b8d011f53feddc021228383fd178007332d70c0a92eabadfa2

    • SSDEEP

      768:yDM52tfQXi8vgLZkTOHkQT51Vp6AwPdM8gQ6JOiX6DGwUk7qHDSEuRZjiBp5H:y62tfQXi8vgLZkTOHkQT51Vp6AwPe8gV

    Score
    10/10
    discovery

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks