Overview

overview

10

Static

static

8

ef63377af7...06.xls

windows7-x64

10

ef63377af7...06.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ef63377af7c07bd4020d72c6f014e22f2df22cca0c507c7beedd79d0612ae106

  • Size

    47KB

  • Sample

    241120-zgmavsselb

  • MD5

    3311e632600d66faf08f6142f0433c19

  • SHA1

    c0712f58dc4df3025ad65d484273ee2eddf16478

  • SHA256

    ef63377af7c07bd4020d72c6f014e22f2df22cca0c507c7beedd79d0612ae106

  • SHA512

    fc1216a0d7feae1635f221992500d06169ffe5211b452c09d29e8745076516a8e937ff7aca1ec3675c9812dc9410dd74edfcd123207113ae789bda653ac0953d

  • SSDEEP

    768:yDM52tfQXi8vgLZkTOHkQT51Vp6AwPdM8gQ6JOiX6DGwUk7qHDSEuRZjiBp5X:y62tfQXi8vgLZkTOHkQT51Vp6AwPe8gl

Score
10/10
discoverymacroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://eleselektromekanik.com/69Iq5Pwbd0/s/
xlm40.dropper

https://demo.icn.com.np/stories/Qk/
xlm40.dropper

http://demo34.ckg.hk/service/Atk7RQfUV673M/
xlm40.dropper

https://bitmovil.mx/css/TrgyPiTXy3/
xlm40.dropper

http://dupot.cz/tvhost/DUnMUvwZOhQs/
xlm40.dropper

http://focanainternet.com.br/erros/DepAK3p1Y/

Targets

    • Target

      ef63377af7c07bd4020d72c6f014e22f2df22cca0c507c7beedd79d0612ae106

    • Size

      47KB

    • MD5

      3311e632600d66faf08f6142f0433c19

    • SHA1

      c0712f58dc4df3025ad65d484273ee2eddf16478

    • SHA256

      ef63377af7c07bd4020d72c6f014e22f2df22cca0c507c7beedd79d0612ae106

    • SHA512

      fc1216a0d7feae1635f221992500d06169ffe5211b452c09d29e8745076516a8e937ff7aca1ec3675c9812dc9410dd74edfcd123207113ae789bda653ac0953d

    • SSDEEP

      768:yDM52tfQXi8vgLZkTOHkQT51Vp6AwPdM8gQ6JOiX6DGwUk7qHDSEuRZjiBp5X:y62tfQXi8vgLZkTOHkQT51Vp6AwPe8gl

    Score
    10/10
    discovery

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks