Overview

overview

10

Static

static

8

Kiki

windows7_x64

10

Resubmissions

17-12-2020 17:26

201217-wjvrnjhlg6 10

24-06-2020 14:54

200624-6mjajb17m2 8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Order-13822.xls

  • Size

    111KB

  • Sample

    201217-wjvrnjhlg6

  • MD5

    ee70031efbe62f81aa3c434ae0636a09

  • SHA1

    a9ebd7146771b922cb9a21456566fce7e93919c0

  • SHA256

    147679b401d295a5300cde9e2ad39a1a2b5a09757c1a248dd53914bdb9678140

  • SHA512

    9f3dfee086cf585601002d449613c34295e5e5fdad29bd41750e96011c2073d8e923109ebdf490d52b3c658174f3b7e0f6f2f47f5a64e63a40ded6d30b84adc4

Score
10/10
macro

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://reinin.tw/wp-keys.php
xlm40.dropper

https://legendcoder.com/wp-keys.php
xlm40.dropper

https://pullingmezcnarcmer.tk/wp-keys.php
xlm40.dropper

https://ruibrunconcallconsta.tk/wp-keys.php

Targets

    • Target

      Order-13822.xls

    • Size

      111KB

    • MD5

      ee70031efbe62f81aa3c434ae0636a09

    • SHA1

      a9ebd7146771b922cb9a21456566fce7e93919c0

    • SHA256

      147679b401d295a5300cde9e2ad39a1a2b5a09757c1a248dd53914bdb9678140

    • SHA512

      9f3dfee086cf585601002d449613c34295e5e5fdad29bd41750e96011c2073d8e923109ebdf490d52b3c658174f3b7e0f6f2f47f5a64e63a40ded6d30b84adc4

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks