Overview

overview

10

Static

static

8

PQ_7498.xls

windows7_x64

10

PQ_7498.xls

windows10_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PQ_7498.xls

  • Size

    33KB

  • Sample

    210119-zb7b1ftkh2

  • MD5

    20ce34e6dfd1f17d5e1e8564167c23bd

  • SHA1

    984045d9a670b781f4712611c87cc191380ef6f9

  • SHA256

    f9adf499bc16bfd096e00bc59c3233f022dec20c20440100d56e58610e4aded3

  • SHA512

    ef7fddfbbdb40f6b75d838397cad454a51822cbfec5e2dfbb8401784c518de74e9d707f9c44db2054be208735dba903035f1b75d7384fec5dc4c78275494514b

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://indiamedicalshow.com/visitors.php

Targets

    • Target

      PQ_7498.xls

    • Size

      33KB

    • MD5

      20ce34e6dfd1f17d5e1e8564167c23bd

    • SHA1

      984045d9a670b781f4712611c87cc191380ef6f9

    • SHA256

      f9adf499bc16bfd096e00bc59c3233f022dec20c20440100d56e58610e4aded3

    • SHA512

      ef7fddfbbdb40f6b75d838397cad454a51822cbfec5e2dfbb8401784c518de74e9d707f9c44db2054be208735dba903035f1b75d7384fec5dc4c78275494514b

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • JavaScript code in executable

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks