General

  • Target

    zload.xls

  • Size

    31KB

  • Sample

    210120-66nzq94ebe

  • MD5

    db5863749e79e71db2f4481f81c7554b

  • SHA1

    3f65e0f402e183a769b8b2bb7c5e626b4d0cd59a

  • SHA256

    b465ca76ded69a5f0ddcbb70eb7c7b01d974b03ccd4d298f7d771a418fa9a222

  • SHA512

    eb1d023b6dd6678275324a34365dd85ef8a11d7a2a25ce30ee9dd8e17d364826d33a1c67ecc9bc634391d5803b520ba4e9152ea81932aebb874af2317e91e1bc

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

  • URLs

    xlm40.dropper

    https://forteanhub.com/v.php

Targets

    • Target

      zload.xls

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • JavaScript code in executable

    • Enumerates physical storage devices

      Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    T1112 Modify Registry (1)

  • Discovery

    T1082 System Information Discovery (3)

    T1012 Query Registry (2)
