b1053de19f619325d6c83395ac3f5d56376216ac142472a1f2a5471b205ccc27 | Triage

Submit
Reports

Overview

overview

Static

static

8

Attachment_78216.xlsb

windows7_x64

Attachment_78216.xlsb

windows10_x64

Sharing

General

Target

Attachment_78216.xlsb
Size

94KB
Sample

210224-znk3gmdjxs
MD5

51f9bfaf150751080cbae13b7f735f64
SHA1

eda977f3a0adc285c5d53c0668a74a8b46db5c2e
SHA256

b1053de19f619325d6c83395ac3f5d56376216ac142472a1f2a5471b205ccc27
SHA512

69592d73b02638f51e2d5d10aaae6e4b09aeaaf33174ad67e035aceefe1a1ff71254f8fe9c97452e8d81c6d833e07f84c455ec710033cc6a0108a09a22e3c057

Score

10^/10

macro xlm

Static task

static1

Behavioral task

behavioral1

Sample

Attachment_78216.xlsb

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Attachment_78216.xlsb

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://139.162.167.231/campo/t2/t2

Targets

- Target
  
  Attachment_78216.xlsb
- Size
  
  94KB
- MD5
  
  51f9bfaf150751080cbae13b7f735f64
- SHA1
  
  eda977f3a0adc285c5d53c0668a74a8b46db5c2e
- SHA256
  
  b1053de19f619325d6c83395ac3f5d56376216ac142472a1f2a5471b205ccc27
- SHA512
  
  69592d73b02638f51e2d5d10aaae6e4b09aeaaf33174ad67e035aceefe1a1ff71254f8fe9c97452e8d81c6d833e07f84c455ec710033cc6a0108a09a22e3c057
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy