General

  • Target

    case_inv 9892.xls

  • Size

    31KB

  • Sample

    210120-75cr7s846n

  • MD5

    44f45729bca249b782cd9b51ceb0cf22

  • SHA1

    547f6f5f33484d0e9701e9a9bc81e709a63e2348

  • SHA256

    ed2c08cc6ff86d4538172c59b38a320c1757dd11ac04a1462637b121d1d8f5a4

  • SHA512

    c76015506de998cbf991e19ace7e38bfee2e9467a012f24fd7ccaa394a35e95001d14db994e4a378679261923c02c099afdf453560b011e5369c7aa58f81497e

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

  • URLs

    xlm40.dropper

    https://flixliste.com/k.php

Targets

    • Target

      case_inv 9892.xls

    • JavaScript code in executable

    • Enumerates physical storage devices

      Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
