Overview

overview

10

Static

static

Pro-forma Da.xlsm

windows7_x64

10

Pro-forma Da.xlsm

windows10_x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    Pro-forma Da.xlsm

  • Size

    48KB

  • Sample

    200707-v1z623h9ts

  • MD5

    1b9914f176f853c624ff4727bb45180a

  • SHA1

    7da7342da3b8e83b2d8e3783d7044c42c23385f0

  • SHA256

    cfc6981de86af094cf3db2e7ae18d12e843ec0af676775163da859034b872f8f

  • SHA512

    b7072ab08115b8dbe9f1efed333fe0eb003be4ad9370115b7175b71c27e8f5faa1e582f48827a46b6b8e1e190be244342199e9bd460e47d80d99888123e86cd1

Score
10/10
spyware

Malware Config

Targets

    • Target

      Pro-forma Da.xlsm

    • Size

      48KB

    • MD5

      1b9914f176f853c624ff4727bb45180a

    • SHA1

      7da7342da3b8e83b2d8e3783d7044c42c23385f0

    • SHA256

      cfc6981de86af094cf3db2e7ae18d12e843ec0af676775163da859034b872f8f

    • SHA512

      b7072ab08115b8dbe9f1efed333fe0eb003be4ad9370115b7175b71c27e8f5faa1e582f48827a46b6b8e1e190be244342199e9bd460e47d80d99888123e86cd1

    Score
    10/10
    spyware

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spyware

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks