General

  • Target

    doc (23).zip

  • Size

    15KB

  • Sample

    210224-z2bqe9fmk2

  • MD5

    932dc474494f798a548dfa3bfb252ceb

  • SHA1

    059a0755c6524689f818b4bd5f954c9ba8f8d819

  • SHA256

    d2ec1ebfaa255b49bd8ad5c1ecf31e9eba808af9ff44f27856819543fb27a5d2

  • SHA512

    695726883707654098555699cebae665d2d86a56ad625c7dd5b10c7a5cbf2e0366bf19574f474946c78d51c7fff1b0470893542f004ac508210128b79b20b6de

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    http://45.11.183.252/22.gif

Targets

    • Target

      document-138786483.xls

    • Size

      90KB

    • MD5

      b1c9310142ef6224e26ca26bdcb479db

    • SHA1

      c9d1dbe62732bc9c724f4a38dd2feb8d2e080e94

    • SHA256

      e6d777b95f57d683235cd90540f284e3a0c69a6f20d69922d4a5ff7e70c07fac

    • SHA512

      c625dd815f3e9ab2ee99bd9b06d4e05ee67910627252edbdbc78bc15d72aca49dcaaa6ba18f6bb5f32e0c4997b858b736c4ef8e1bcb6c11b7b5f433bd20fc60f

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112), count: 1

  • Discovery

    Query Registry (T1012), count: 2

    System Information Discovery (T1082), count: 2

Tasks