Resubmissions

17-12-2020 18:27

201217-bavzn97yh2 10

09-11-2020 20:55

201109-jwyhm7ya66 10

General

  • Target

    faktura_18.xlsm

  • Size

    95KB

  • Sample

    201217-bavzn97yh2

  • MD5

    69f269d0a5e726c0bcafa1e81a456f79

  • SHA1

    a6537a821e059c4d10f9c35f0135e3af0227c9e9

  • SHA256

    3ad4819cec95571fba65855ebde66a308472c22a4c06501bfa1b1d51730572cc

  • SHA512

    72a229fa07b9d71cca6b120f7f2cf57b23c535d4bafe4b5bb65e9e0202e822ebfd7a54405e8b60c0514728f3c7815513049a049e1bde7ed02637e3c5e44dd1c9

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://oidblueprin.at/3/str.dll

Targets

    • Target

      faktura_18.xlsm

    • Size

      95KB

    • MD5

      69f269d0a5e726c0bcafa1e81a456f79

    • SHA1

      a6537a821e059c4d10f9c35f0135e3af0227c9e9

    • SHA256

      3ad4819cec95571fba65855ebde66a308472c22a4c06501bfa1b1d51730572cc

    • SHA512

      72a229fa07b9d71cca6b120f7f2cf57b23c535d4bafe4b5bb65e9e0202e822ebfd7a54405e8b60c0514728f3c7815513049a049e1bde7ed02637e3c5e44dd1c9

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Modify Registry

1
T1112

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

2
T1082

Tasks