General

  • Target

    PQ_7498.xls

  • Size

    33KB

  • Sample

    210119-zb7b1ftkh2

  • MD5

    20ce34e6dfd1f17d5e1e8564167c23bd

  • SHA1

    984045d9a670b781f4712611c87cc191380ef6f9

  • SHA256

    f9adf499bc16bfd096e00bc59c3233f022dec20c20440100d56e58610e4aded3

  • SHA512

    ef7fddfbbdb40f6b75d838397cad454a51822cbfec5e2dfbb8401784c518de74e9d707f9c44db2054be208735dba903035f1b75d7384fec5dc4c78275494514b

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    http://indiamedicalshow.com/visitors.php
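The extracted config tags this sample as an Excel 4.0 (XLM) macro dropper that fetches its next stage from the URL above. Such droppers keep the macro on a hidden or very-hidden Excel 4.0 macro sheet, and the BIFF8 Workbook stream declares every sheet's type and visibility in its BOUNDSHEET records, so the pattern can be confirmed statically without opening the file in Excel. The Python below is an added example written for this page, not code from the report or from the sandbox; the Workbook stream it parses is constructed inline (it is not taken from PQ_7498.xls), and the field layout follows the MS-XLS BoundSheet8 record.

```python
import struct

# BIFF8 Workbook stream = sequence of [type:u16][length:u16][data] records (MS-XLS).
BOF = 0x0809
BOUNDSHEET = 0x0085
EOF = 0x000A

HS_STATE = {0: "visible", 1: "hidden", 2: "very hidden"}
SHEET_TYPE = {0x00: "worksheet", 0x01: "xlm macro sheet",
              0x02: "chart", 0x06: "vba module"}


def iter_records(stream):
    """Yield (record_type, data) for every BIFF record in a Workbook stream."""
    off = 0
    while off + 4 <= len(stream):
        rtype, rlen = struct.unpack_from("<HH", stream, off)
        off += 4
        yield rtype, stream[off:off + rlen]
        off += rlen


def parse_boundsheet(data):
    """Decode a BoundSheet8 record body into position, visibility, type and name."""
    lb_ply_pos, = struct.unpack_from("<I", data, 0)  # offset of the sheet's own BOF
    hs_state = data[4] & 0x03       # 0 visible, 1 hidden, 2 very hidden (no UI to unhide)
    dt = data[5]                    # 0x01 marks an Excel 4.0 macro sheet
    cch = data[6]                   # name length in characters
    high_byte = data[7] & 0x01      # 1 = UTF-16LE name, 0 = 8-bit name
    raw = data[8:8 + (cch * 2 if high_byte else cch)]
    name = raw.decode("utf-16-le" if high_byte else "latin-1")
    return {"offset": lb_ply_pos,
            "state": HS_STATE.get(hs_state, "unknown"),
            "type": SHEET_TYPE.get(dt, "unknown(0x%02x)" % dt),
            "name": name}


def find_macro_sheets(stream):
    """Return the BOUNDSHEET entries that declare an Excel 4.0 macro sheet."""
    sheets = (parse_boundsheet(d) for t, d in iter_records(stream) if t == BOUNDSHEET)
    return [s for s in sheets if s["type"] == "xlm macro sheet"]


def is_suspicious(stream):
    """True when a macro sheet is hidden or very hidden: a legitimate workbook
    has no reason to carry legacy XLM code the user cannot see."""
    return any(s["state"] != "visible" for s in find_macro_sheets(stream))


def build_boundsheet(name, hs_state, dt, pos=0):
    """Assemble a BOUNDSHEET record (used only to construct the sample below)."""
    body = struct.pack("<IBB", pos, hs_state, dt) + bytes([len(name), 0]) + name.encode("latin-1")
    return struct.pack("<HH", BOUNDSHEET, len(body)) + body


# Constructed sample stream (not bytes from PQ_7498.xls): a visible worksheet
# plus a very-hidden Excel 4.0 macro sheet, the typical XLM-dropper layout.
SAMPLE_STREAM = (
    struct.pack("<HH", BOF, 16) + bytes(16)          # BIFF8 BOF carries 16 data bytes
    + build_boundsheet("Sheet1", 0, 0x00, pos=0x60)
    + build_boundsheet("Macro1", 2, 0x01, pos=0x200)
    + struct.pack("<HH", EOF, 0)
)


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        # Real .xls: pull the Workbook (BIFF8) or Book (BIFF5) stream out of the OLE2 container.
        import olefile  # third-party, only needed for this path
        ole = olefile.OleFileIO(sys.argv[1])
        stream = ole.openstream("Workbook" if ole.exists("Workbook") else "Book").read()
        ole.close()
    else:
        stream = SAMPLE_STREAM
    for sheet in find_macro_sheets(stream):
        print(sheet)
    print("suspicious:", is_suspicious(stream))
```

Run without arguments to see the constructed sample flagged; pass a path to an .xls to triage a real file (this needs the olefile package to open the OLE2 container). A very-hidden sheet cannot be unhidden from the Excel UI at all, so a macro sheet in that state is the strongest single indicator; the offset field points at the sheet's BOF, which is where a follow-up parser would start pulling the FORMULA records that hold the actual XLM code.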

Targets

    • Target

      PQ_7498.xls


    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • JavaScript code in executable

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic           Technique                      Count  ID
Defense Evasion  Modify Registry                1      T1112
Discovery        Query Registry                 2      T1012
Discovery        System Information Discovery   2      T1082
