Overview

overview

10

Static

static

8

SecuriteIn...97.xls

windows7_x64

10

SecuriteIn...97.xls

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SecuriteInfo.com.Heur.2891.797

  • Size

    90KB

  • Sample

    210224-wphpjnwc1s

  • MD5

    b6b86337d6e1d9cb108c5280b625c268

  • SHA1

    667f73369e3101f8dbb94a32c4cd5c4af41098e6

  • SHA256

    8646dbe5e97c1e1e11d497a899423d8615c3af59e950423e64c56491effb9cb9

  • SHA512

    6589e8bd1e1704c5ef2b37a68362be962dcc7aa94156c6499d7cbd4b8a00dca10085dca83986dba8daa1697787d08aee52eb7f49276c5931bf4e023de9b4e526

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://45.11.183.181/22.gif

Targets

    • Target

      SecuriteInfo.com.Heur.2891.797

    • Size

      90KB

    • MD5

      b6b86337d6e1d9cb108c5280b625c268

    • SHA1

      667f73369e3101f8dbb94a32c4cd5c4af41098e6

    • SHA256

      8646dbe5e97c1e1e11d497a899423d8615c3af59e950423e64c56491effb9cb9

    • SHA512

      6589e8bd1e1704c5ef2b37a68362be962dcc7aa94156c6499d7cbd4b8a00dca10085dca83986dba8daa1697787d08aee52eb7f49276c5931bf4e023de9b4e526

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks