Overview

overview

10

Static

static

8

documents (79).xls

windows7_x64

10

documents (79).xls

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    documents (79).xls

  • Size

    317KB

  • Sample

    210224-cvv9cspzks

  • MD5

    83f047c8d6fd8f7bb4aa264ab9b7eb77

  • SHA1

    a92e398af146f092ee39c32a4be6c7875ca51a42

  • SHA256

    18a2d9d6fdd4d1551115ed1c6b224678798fd807ea4eae3d2c9f400c3132d543

  • SHA512

    f351a7d9ab66944ac36f65f8a1fcaddceedf9fe02a33d372af88b443a7bbd3ef9f64ab943046ab54b6cf49df83623aa25a75b1deab5cf5639cf00e9037e4a867

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://pricer.civilta.in/ds/1602.gif

Targets

    • Target

      documents (79).xls

    • Size

      317KB

    • MD5

      83f047c8d6fd8f7bb4aa264ab9b7eb77

    • SHA1

      a92e398af146f092ee39c32a4be6c7875ca51a42

    • SHA256

      18a2d9d6fdd4d1551115ed1c6b224678798fd807ea4eae3d2c9f400c3132d543

    • SHA512

      f351a7d9ab66944ac36f65f8a1fcaddceedf9fe02a33d372af88b443a7bbd3ef9f64ab943046ab54b6cf49df83623aa25a75b1deab5cf5639cf00e9037e4a867

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks