147679b401d295a5300cde9e2ad39a1a2b5a09757c1a248dd53914bdb9678140 | Triage

Resubmissions

17-12-2020 17:26

201217-wjvrnjhlg6 10

24-06-2020 14:54

200624-6mjajb17m2 8

Sharing

General

Target

Order-13822.xls
Size

111KB
Sample

201217-wjvrnjhlg6
MD5

ee70031efbe62f81aa3c434ae0636a09
SHA1

a9ebd7146771b922cb9a21456566fce7e93919c0
SHA256

147679b401d295a5300cde9e2ad39a1a2b5a09757c1a248dd53914bdb9678140
SHA512

9f3dfee086cf585601002d449613c34295e5e5fdad29bd41750e96011c2073d8e923109ebdf490d52b3c658174f3b7e0f6f2f47f5a64e63a40ded6d30b84adc4

Score

10^/10

macro

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://reinin.tw/wp-keys.php

xlm40.dropper

https://legendcoder.com/wp-keys.php

xlm40.dropper

https://pullingmezcnarcmer.tk/wp-keys.php

xlm40.dropper

https://ruibrunconcallconsta.tk/wp-keys.php

Targets

- Target
  
  Order-13822.xls
- Size
  
  111KB
- MD5
  
  ee70031efbe62f81aa3c434ae0636a09
- SHA1
  
  a9ebd7146771b922cb9a21456566fce7e93919c0
- SHA256
  
  147679b401d295a5300cde9e2ad39a1a2b5a09757c1a248dd53914bdb9678140
- SHA512
  
  9f3dfee086cf585601002d449613c34295e5e5fdad29bd41750e96011c2073d8e923109ebdf490d52b3c658174f3b7e0f6f2f47f5a64e63a40ded6d30b84adc4
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1