69ab644fb35bff52b9fb5b4d8cff404ea4269d01a0dc34ab7bac1fd9e353ef09 | Triage

Resubmissions

17-12-2020 18:31

201217-fxv9p8zbw6 10

06-10-2020 11:21

201006-tp1644sm8j 8

Sharing

General

Target

inv1535.xls
Size

41KB
Sample

201217-fxv9p8zbw6
MD5

a25f16b71feac96810800c7d281a93d8
SHA1

e5d716e4d3687e79e99a70607bcbcec37ebfa73d
SHA256

69ab644fb35bff52b9fb5b4d8cff404ea4269d01a0dc34ab7bac1fd9e353ef09
SHA512

36e1890c5f269af77af20639048866267aec0d3d6a5184a35d89f7fd7c62a6406ea485801760b8301a8fcf73202c597499b061cb547f5ba37282b8be6c3c88bf

Score

10^/10

macro

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://hacemosmarketingdigital.com.ar/6bbktc.php

xlm40.dropper

https://heimat-harz.com/zgwykq.php

xlm40.dropper

https://hgt.vaduni.vn/tjxxhk.php

xlm40.dropper

https://hoanggiang.tk/kgqbsf.php

Targets

- Target
  
  inv1535.xls
- Size
  
  41KB
- MD5
  
  a25f16b71feac96810800c7d281a93d8
- SHA1
  
  e5d716e4d3687e79e99a70607bcbcec37ebfa73d
- SHA256
  
  69ab644fb35bff52b9fb5b4d8cff404ea4269d01a0dc34ab7bac1fd9e353ef09
- SHA512
  
  36e1890c5f269af77af20639048866267aec0d3d6a5184a35d89f7fd7c62a6406ea485801760b8301a8fcf73202c597499b061cb547f5ba37282b8be6c3c88bf
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1