69ab644fb35bff52b9fb5b4d8cff404ea4269d01a0dc34ab7bac1fd9e353ef09 | Triage

Resubmissions

17-12-2020 18:31

201217-fxv9p8zbw6 10

06-10-2020 11:21

201006-tp1644sm8j 8

Sharing

General

Target

inv1535.xls
Size

41KB
Sample

201217-fxv9p8zbw6
MD5

a25f16b71feac96810800c7d281a93d8
SHA1

e5d716e4d3687e79e99a70607bcbcec37ebfa73d
SHA256

69ab644fb35bff52b9fb5b4d8cff404ea4269d01a0dc34ab7bac1fd9e353ef09
SHA512

36e1890c5f269af77af20639048866267aec0d3d6a5184a35d89f7fd7c62a6406ea485801760b8301a8fcf73202c597499b061cb547f5ba37282b8be6c3c88bf

Score

10^/10

macro

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://hacemosmarketingdigital.com.ar/6bbktc.php

xlm40.dropper

https://heimat-harz.com/zgwykq.php

xlm40.dropper

https://hgt.vaduni.vn/tjxxhk.php

xlm40.dropper

https://hoanggiang.tk/kgqbsf.php

Targets

- Target
  
  inv1535.xls
- Size
  
  41KB
- MD5
  
  a25f16b71feac96810800c7d281a93d8
- SHA1
  
  e5d716e4d3687e79e99a70607bcbcec37ebfa73d
- SHA256
  
  69ab644fb35bff52b9fb5b4d8cff404ea4269d01a0dc34ab7bac1fd9e353ef09
- SHA512
  
  36e1890c5f269af77af20639048866267aec0d3d6a5184a35d89f7fd7c62a6406ea485801760b8301a8fcf73202c597499b061cb547f5ba37282b8be6c3c88bf
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1