Overview

overview

8

Static

static

8

QO-77190441.xlsm

windows7_x64

6

QO-77190441.xlsm

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    QO-77190441.xlsm

  • Size

    64KB

  • Sample

    200713-91kqds9c7x

  • MD5

    93897aa2998c1991834aa52bf86c0ad5

  • SHA1

    b91d37f744db2606709ec999f8eeb97c7b4c0514

  • SHA256

    b17553745e016653cace2242fbf6be5d91642e9ec2424d43f97d47576b2fc046

  • SHA512

    b6d3f60776846c1a74be4ae9c1b9615de03ef5d52e3590477e0a4a292f4eecea3c4f2ff8a834e5019a1472a9fd00241209018a9d5214dc9b1cea7a186cdae061

Score
8/10
evasionmacrospywaretrojan

Malware Config

Targets

    • Target

      QO-77190441.xlsm

    • Size

      64KB

    • MD5

      93897aa2998c1991834aa52bf86c0ad5

    • SHA1

      b91d37f744db2606709ec999f8eeb97c7b4c0514

    • SHA256

      b17553745e016653cace2242fbf6be5d91642e9ec2424d43f97d47576b2fc046

    • SHA512

      b6d3f60776846c1a74be4ae9c1b9615de03ef5d52e3590477e0a4a292f4eecea3c4f2ff8a834e5019a1472a9fd00241209018a9d5214dc9b1cea7a186cdae061

    Score
    8/10
    evasionspywaretrojan

    • Executes dropped EXE

    • Modifies system certificate store

      evasionspywaretrojan

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks