General
Target: Documento.xls
Size: 40KB
Sample: 220512-lfbk3sbhb3
MD5: bf1a84bcee85983c92040cc52a43dd17
SHA1: eedb1bbdc50095d087ac9fd3eb0e4695217c6d0d
SHA256: bcb53af88c2eb7a3e04c8874854a6c4fc0a2b9890ed39cc4bc9c1f7ef6380563
SHA512: fab1981d877b6bbb041723e1d19b4c019413e447ba193b5bd1a2f0b59ad8cbfbf9e54e06b6fed407ac82f03bec84ca6ba5fa0aba5aa0d4cd792c1da4632eb860
Malware Config
Extracted
https://www.itesmeitic.com/term/IFjx5ElE0ldr8wDDHjub/
Targets
Target: Documento.xls
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Downloads MZ/PE file
-
Loads dropped DLL
-