General

  • Target

    this_trouble (60).zip

  • Size

    15KB

  • Sample

    210224-wlpasdbhs6

  • MD5

    bbc75519d8d5eaf037b7777a0f76f076

  • SHA1

    ab084bef9130655deed0dc080a096d60c09c4f00

  • SHA256

    f13c921f12cfc961113a9a602b7c0d7e64c608d177b1aa7c8a1af170442786fa

  • SHA512

    50b29db02660e3280e708fc163efee9f4e909b837c053adf5df75f9e83e62def40214f5c0700e8d0d9542f728535a74f25cca50c4f723ad13b96716731b7a2d5

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    http://31.214.157.170/22.gif

Targets

    • Target

      document-1609338658.xls

    • Size

      90KB

    • MD5

      f31c6710bcf92c36958adca6e70fb221

    • SHA1

      585e83e3d119d67a3e410a407691c9e3c4e90762

    • SHA256

      5936a9016b4193ed9a521d335e0f8d6c3f2bf658ba9ecd700da3f2574599ebc3

    • SHA512

      9b3cc1ed8d4867879c6838d3c29c73bf40af602de9abc269a9698c331d8cf44e884d828b84ae12f621a7a2cab2bf11f8174bde2b0cfa45a9ff55251f3fb01feb

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • Modify Registry (T1112): 1

Discovery

  • Query Registry (T1012): 2

  • System Information Discovery (T1082): 2

Tasks