Overview

overview

10

Static

static

8

Document_73046.xlsb

windows7_x64

10

Document_73046.xlsb

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Document_73046.xlsb

  • Size

    104KB

  • Sample

    210223-7b27h9w586

  • MD5

    c4e6520a45dab15369bd5ef95f17146c

  • SHA1

    973a15aa80a4a2f9e86086164e7124bf0ea6b7b8

  • SHA256

    ecb15e8dca9d7235690d18a46bb666ba3037d463c05c7bb944f16df5a43505e8

  • SHA512

    264d52b3ce0a7639a06e2d885a6f3ed26cc7f412dea05dc03a40296fe2ab53a5752c470c8a57661c386c89d5d34f5487f0bf3530dbda1f70506ca5229117552e

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://172.105.70.225/campo/t2/t2

Targets

    • Target

      Document_73046.xlsb

    • Size

      104KB

    • MD5

      c4e6520a45dab15369bd5ef95f17146c

    • SHA1

      973a15aa80a4a2f9e86086164e7124bf0ea6b7b8

    • SHA256

      ecb15e8dca9d7235690d18a46bb666ba3037d463c05c7bb944f16df5a43505e8

    • SHA512

      264d52b3ce0a7639a06e2d885a6f3ed26cc7f412dea05dc03a40296fe2ab53a5752c470c8a57661c386c89d5d34f5487f0bf3530dbda1f70506ca5229117552e

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks