General

  • Target

    QO-77190441.xlsm

  • Size

    64KB

  • Sample

    200713-91kqds9c7x

  • MD5

    93897aa2998c1991834aa52bf86c0ad5

  • SHA1

    b91d37f744db2606709ec999f8eeb97c7b4c0514

  • SHA256

    b17553745e016653cace2242fbf6be5d91642e9ec2424d43f97d47576b2fc046

  • SHA512

    b6d3f60776846c1a74be4ae9c1b9615de03ef5d52e3590477e0a4a292f4eecea3c4f2ff8a834e5019a1472a9fd00241209018a9d5214dc9b1cea7a186cdae061

Malware Config

Targets

    • Target

      QO-77190441.xlsm

    • Size

      64KB

    • MD5

      93897aa2998c1991834aa52bf86c0ad5

    • SHA1

      b91d37f744db2606709ec999f8eeb97c7b4c0514

    • SHA256

      b17553745e016653cace2242fbf6be5d91642e9ec2424d43f97d47576b2fc046

    • SHA512

      b6d3f60776846c1a74be4ae9c1b9615de03ef5d52e3590477e0a4a292f4eecea3c4f2ff8a834e5019a1472a9fd00241209018a9d5214dc9b1cea7a186cdae061

    • Executes dropped EXE

    • Modifies system certificate store

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

MITRE ATT&CK Enterprise v6

Tasks