Overview

overview

9

Static

static

scan 0003.xlsm

windows7_x64

8

scan 0003.xlsm

windows10_x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    scan 0003.xlsm

  • Size

    78KB

  • Sample

    200731-37as6q8vdj

  • MD5

    74e2a78248c6f0a949f2bcd86d0315c8

  • SHA1

    7209cc8af3c1704cd35aa5f9650335e50eba09ef

  • SHA256

    5f1546c28e06698400fdb0c307bc82e4ab74ecac4913cbd106648f17a81e02ff

  • SHA512

    99b74585e48d7f790ebdc512262307e955a7b71f1c283ba670b831138bb37a03a77936668d7adc7460f065bd364eecdd16dc6d8464cf09a6f2675a108b1461e6

Score
9/10

Malware Config

Targets

    • Target

      scan 0003.xlsm

    • Size

      78KB

    • MD5

      74e2a78248c6f0a949f2bcd86d0315c8

    • SHA1

      7209cc8af3c1704cd35aa5f9650335e50eba09ef

    • SHA256

      5f1546c28e06698400fdb0c307bc82e4ab74ecac4913cbd106648f17a81e02ff

    • SHA512

      99b74585e48d7f790ebdc512262307e955a7b71f1c283ba670b831138bb37a03a77936668d7adc7460f065bd364eecdd16dc6d8464cf09a6f2675a108b1461e6

    Score
    9/10

    • ServiceHost packer

      Detects ServiceHost packer used for .NET malware

    • Executes dropped EXE

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks