Overview

overview

10

Static

static

8

Attachment_78387.xlsb

windows7_x64

10

Attachment_78387.xlsb

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Attachment_78387.xlsb

  • Size

    94KB

  • Sample

    210224-r3mgadymwe

  • MD5

    74767e071069d33b535a15a8e6d98084

  • SHA1

    29d5d3d28790d34e79bcbe2a579c962184c8e3c2

  • SHA256

    ad9cee450812467571d9816e6d372ce8a3fb14fc303cece2b64d382d4136854a

  • SHA512

    26d8353dfc5dd1afc9aa9ee532200fcc7c71f31d70b59fe31e2aedf10ab48b6d6dfb3aeeabc4ff5b380af14f01867e994e7ae49e0407f3009f894b8eafe51577

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://139.162.167.231/campo/t2/t2

Targets

    • Target

      Attachment_78387.xlsb

    • Size

      94KB

    • MD5

      74767e071069d33b535a15a8e6d98084

    • SHA1

      29d5d3d28790d34e79bcbe2a579c962184c8e3c2

    • SHA256

      ad9cee450812467571d9816e6d372ce8a3fb14fc303cece2b64d382d4136854a

    • SHA512

      26d8353dfc5dd1afc9aa9ee532200fcc7c71f31d70b59fe31e2aedf10ab48b6d6dfb3aeeabc4ff5b380af14f01867e994e7ae49e0407f3009f894b8eafe51577

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks