General

  • Target

    8ea024d86e71e3e1121acbc597d686279dbed7534722d592b3a1de7d237703d1

  • Size

    80KB

  • Sample

    241121-a2rzeaxjfw

  • MD5

    56581bdea36b2cfeb01d0b494117323e

  • SHA1

    af450163903dc4c534a1a9de29ea4f3dd7440361

  • SHA256

    8ea024d86e71e3e1121acbc597d686279dbed7534722d592b3a1de7d237703d1

  • SHA512

    f5341b49680008c38f4f96098df93e11bcc1fb80c5a69e78cac399cbe8cfd0e4531a05fc395a87cd78c2be88c42fc63e64987c82e3951ec5b49f1447c6c23a2d

  • SSDEEP

    1536:ROOKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgFQHuS4VcTO9/r7UYdEJeFa:RBKpb8rGYrMPe3q7Q0XV5xtezEsi8/d3

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  Source          URLs
  xlm40.dropper   http://beeslandkerman.ir/XPFvBDrNkT/lUkOx4VAOizId7u/
  xlm40.dropper   http://cerdi.com/_derived/J4Fu7VmGZQ7rGA/
  xlm40.dropper   https://www.chasingmavericks.co.ke/agendaafrikadebates.co.ke/QznOFMKV9R/
  xlm40.dropper   http://bsbmakina.com.tr/logo/eVWaAWm/

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v15

Tasks