Overview

overview

10

Static

static

8

ฺฺฺB...¸ºà¸º

windows10_x64

10

ฺฺฺà...ฺฺ

windows10_x64

10

ฺฺฺà...

windows10_x64

10

ฺฺฺK...ฺฺ

windows10_x64

10

ฺฺฺK...¸ºà¸º7

windows7_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    trickbot.xls.zip

  • Size

    24KB

  • Sample

    210224-hmyhjzph8s

  • MD5

    93036788d99ca7ae57a5a38ba5f4624f

  • SHA1

    b80f13adddf9b1d20e72df4a9712d15e56e54e67

  • SHA256

    0f762e82649c034434fe38dfd45835ad4e560b377a9a7c23e30578fbaf1b1505

  • SHA512

    77afc459b902ec57a055db3d33db012f49fc4e54561ffa77720a42d489a492052f92d2656eea9777659e404eea6e3258cb306b92e107c9f9b959d4045c90c017

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://soberlifeco.com/contra/storage.php

Targets

    • Target

      trickbot.xls

    • Size

      52KB

    • MD5

      2fa033c8bbdf1bd937125042588cdec9

    • SHA1

      b9a0d6ff9a77fc9b223abe2c560a7e888026e3bb

    • SHA256

      1df473992bd7c161fc1964c5d895f16240b417005fc69d20d3b9013c6c18dee8

    • SHA512

      7eccb690657f33ee7c8e7ae5792441d69a3f4e99df5735cb81cff7d4c0ab44928ad2b84b0386296face223e921d19c5fa3f52e4afc45d7e9e779481a40a8ba95

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2behavioral3behavioral4behavioral5

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks