General

  • Target

    ebb51c798e70ceb39e210269ceef3495cad9bd3d04b6bb18b00bbbc07f70283a

  • Size

    9KB

  • Sample

    241121-zdgafaxlf1

  • MD5

    a543ed52006aa72ededff8c17c930e68

  • SHA1

    b17dc6739197df2710015e73ff5d239abb2e98da

  • SHA256

    ebb51c798e70ceb39e210269ceef3495cad9bd3d04b6bb18b00bbbc07f70283a

  • SHA512

    9ade759a30fb2b295accf04b79bde06481b222272c61538d73521864f00a54bc840e9e4690f45fde799598e6268701c1049d73d56850b1f94b21c0ca9aedb07e

  • SSDEEP

    192:PWZB/VWVh6J7oQfc3zhCDFh10fx6pFFP/iKz8TMF:PEB9WVucu+zh8F3qx61P/ie

Score
10/10

Malware Config

Extracted

  • Language

    ps1 (deobfuscated)

  • URLs (exe.dropper)

    http://13.92.100.208/toss/image.exe

Targets

    • Target

      0c69053bf59475cd7889a37427a32caa28bc94a7bff0f4d2052b89dd8d08889f.bin

    • Size

      9KB

    • MD5

      f5e976ded990b7d3ae74eb922b397006

    • SHA1

      482b374c7e9ddc7174fa18589640d990f9318d29

    • SHA256

      0c69053bf59475cd7889a37427a32caa28bc94a7bff0f4d2052b89dd8d08889f

    • SHA512

      7ef67ad8210323a7c391b3d8832cd7374ced9d804d6b4dfd9f301cea4189103ba6d80c2d6ff96258ba1b110c9b3bc12bcac18c74caed3ac7f209248078bb0b86

    • SSDEEP

      192:f29RnkbMcdopW9yj2zHpD7ho5LUNBRfGJhKniUGdyfxSfGQm:fGk9d2j2DpD18OmuGkfmG/

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Deletes itself
