General

  • Target

    Cancellation_Letter_735340512-02242021.xls

  • Size

    144KB

  • Sample

    210224-pm9xy4ghdn

  • MD5

    15fd599a562dcb050c754f6a7ae163fe

  • SHA1

    4c745cf23a19fd0b36924e49cfe61945694d3746

  • SHA256

    f780e6a155e84da6486e7b0cdf126432c3c39da3eeb9927d14786b3640bb4ee9

  • SHA512

    b1c8e702bf1cc399de74885a9a628880ea991adcf0adf9c39846574c5e604105fb6a5749736ba71514a4a102b581f1cef0fb983cfcb68505168f580715aa1872

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://slmtv.com/tfbgl/44251691788078700000.dat

xlm40.dropper

http://dicomm-001-site35.ctempurl.com/pmslsda/44251691788078700000.dat

xlm40.dropper

http://konyahaberler.xyz/hxjxxwav/44251691788078700000.dat

xlm40.dropper

http://pandsquinny.com/nlbzyhfs/44251691788078700000.dat

Targets

    • Target

      Cancellation_Letter_735340512-02242021.xls

    • Size

      144KB

    • MD5

      15fd599a562dcb050c754f6a7ae163fe

    • SHA1

      4c745cf23a19fd0b36924e49cfe61945694d3746

    • SHA256

      f780e6a155e84da6486e7b0cdf126432c3c39da3eeb9927d14786b3640bb4ee9

    • SHA512

      b1c8e702bf1cc399de74885a9a628880ea991adcf0adf9c39846574c5e604105fb6a5749736ba71514a4a102b581f1cef0fb983cfcb68505168f580715aa1872

    Score
    10/10

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Modify Registry

1
T1112

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Tasks