General

  • Target

    collected (42).zip

  • Size

    15KB

  • Sample

    210224-n5m464scpe

  • MD5

    4d49164cb029086e9c1ec1102bf04564

  • SHA1

    ff2947069b9ab6a6ffdd54283332cb0b92ff5f25

  • SHA256

    5d937569939751d80f60a00b5a02a0510c6d5f5776116a626f6e61c76b421e23

  • SHA512

    d9cf4f01fb8f10a7988654964dd3c94568fc98de153d2a3c5180291c0222e0a1d55fef62b36fcfc29bcf7b35152f084df36d4fc2db0c1e2d70df5dbe7a91956f

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    http://185.212.47.84/22.gif

Targets

    • Target

      document-1428393482.xls

    • Size

      90KB

    • MD5

      8d2d6754ae76716529643b0553857968

    • SHA1

      3ce08309cae94dc488b2cfcf16e2272c7584fb19

    • SHA256

      fb5cc4fee714b537a41bdba198c7fc4bbf43f85882e5725a3bab52ba618b6b82

    • SHA512

      3ab6366b86f64f419b6c49a8dafbc9f4a0f44ab9c163aaf3ce2750b93a04a693bd7a7474d6f788bc788f6326c7cffafde7daf741f8aca38e344ae667722e4a25

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112), count: 1

  • Discovery

    Query Registry (T1012), count: 2

    System Information Discovery (T1082), count: 2
