3ad4819cec95571fba65855ebde66a308472c22a4c06501bfa1b1d51730572cc | Triage

Resubmissions

17-12-2020 18:27

201217-bavzn97yh2 10

09-11-2020 20:55

201109-jwyhm7ya66 10

Sharing

General

Target

faktura_18.xlsm
Size

95KB
Sample

201217-bavzn97yh2
MD5

69f269d0a5e726c0bcafa1e81a456f79
SHA1

a6537a821e059c4d10f9c35f0135e3af0227c9e9
SHA256

3ad4819cec95571fba65855ebde66a308472c22a4c06501bfa1b1d51730572cc
SHA512

72a229fa07b9d71cca6b120f7f2cf57b23c535d4bafe4b5bb65e9e0202e822ebfd7a54405e8b60c0514728f3c7815513049a049e1bde7ed02637e3c5e44dd1c9

Score

10^/10

macro

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://oidblueprin.at/3/str.dll

Targets

- Target
  
  faktura_18.xlsm
- Size
  
  95KB
- MD5
  
  69f269d0a5e726c0bcafa1e81a456f79
- SHA1
  
  a6537a821e059c4d10f9c35f0135e3af0227c9e9
- SHA256
  
  3ad4819cec95571fba65855ebde66a308472c22a4c06501bfa1b1d51730572cc
- SHA512
  
  72a229fa07b9d71cca6b120f7f2cf57b23c535d4bafe4b5bb65e9e0202e822ebfd7a54405e8b60c0514728f3c7815513049a049e1bde7ed02637e3c5e44dd1c9
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1