General

  • Target: Debt-Details-984143925-02252021.zip
  • Size: 28KB
  • Sample: 210225-33lfym6kpj
  • MD5: 978343ebe8f367f7912d3d6ad68ec81e
  • SHA1: 2ec6eeb1932a3fe7021925aa61915cfe708302b8
  • SHA256: 1f9906838cc9f15af83a0abcda8027710f413da143bd4cd74d3f6ef57d6a63c3
  • SHA512: a772c0cc8b74c717c80a9f59cb1357bd1ef43be57dee8e5bae021e72dd0807818d01d09ae889e6f2033f5d819fb02d4177cade6c7f7379a21da5946bf075917a

Score
10/10

Malware Config

Extracted

Language: xlm4.0 (Excel 4.0 / XLM macro sheet)
Source: xlm40.dropper
URLs: the locations the dropper macro retrieves its next stage from. All five serve the same filename, 44252857694444400000.dat, from different hosts, so the filename is a useful pivot when hunting for additional distribution hosts.

  http://oxcoz.com/nydprgwf/44252857694444400000.dat
  http://sharonbrockway.com/favohwn/44252857694444400000.dat
  http://outgrowmeinie.com/wcuiugnrebpk/44252857694444400000.dat
  http://sarayutseena-001-site1.gtempurl.com/kecljmkhyl/44252857694444400000.dat
  http://gtrans.group/prduod/44252857694444400000.dat
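The following is an added example, not part of the sandbox report: it turns the extracted dropper URLs above into hunting indicators (host blocklist, defanged form for sharing, and the shared payload filename as a pivot) and matches them against proxy log lines. The log format and the log lines themselves are constructed for illustration; adapt the parser to your own proxy format.

```python
# Added example (not from the sandbox report): convert the xlm40.dropper URLs
# into hunting indicators and match them against proxy log lines.
from urllib.parse import urlparse
from collections import defaultdict

# The five download URLs exactly as extracted from the Excel 4.0 macro config.
DROPPER_URLS = [
    "http://oxcoz.com/nydprgwf/44252857694444400000.dat",
    "http://sharonbrockway.com/favohwn/44252857694444400000.dat",
    "http://outgrowmeinie.com/wcuiugnrebpk/44252857694444400000.dat",
    "http://sarayutseena-001-site1.gtempurl.com/kecljmkhyl/44252857694444400000.dat",
    "http://gtrans.group/prduod/44252857694444400000.dat",
]


def parse_indicators(urls):
    """Split each URL into host and filename; group hosts by filename so a
    payload name shared across hosts becomes a pivot for hunting."""
    by_filename = defaultdict(list)
    hosts = set()
    for u in urls:
        p = urlparse(u)
        filename = p.path.rsplit("/", 1)[-1]
        hosts.add(p.hostname)
        by_filename[filename].append(p.hostname)
    return {"hosts": sorted(hosts), "by_filename": dict(by_filename)}


def defang(url):
    """Defang for safe sharing: scheme http -> hxxp, dots in the host -> [.]."""
    p = urlparse(url)
    return f"hxxp://{p.hostname.replace('.', '[.]')}{p.path}"


def match_proxy_logs(lines, indicators):
    """Flag proxy log lines whose host is a known dropper host, or whose
    request ends in a known payload filename served from a host we have not
    seen yet. Assumed (constructed) line format:
    '<timestamp> <client_ip> <method> <url> <status>'."""
    hosts = set(indicators["hosts"])
    filenames = set(indicators["by_filename"])
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 5:
            continue  # malformed line: skip rather than crash the sweep
        url = parts[3]
        p = urlparse(url)
        fname = p.path.rsplit("/", 1)[-1]
        reason = None
        if p.hostname in hosts:
            reason = "known dropper host"
        elif fname in filenames:
            reason = "known payload filename on new host"
        if reason:
            hits.append((parts[1], defang(url), reason))
    return hits


# Constructed sample log lines (not real traffic from the analysed sample).
SAMPLE_PROXY_LOG = [
    "2021-02-25T09:12:03Z 10.0.0.15 GET http://gtrans.group/prduod/44252857694444400000.dat 200",
    "2021-02-25T09:12:04Z 10.0.0.15 GET http://www.microsoft.com/en-us/ 200",
    "2021-02-25T09:13:11Z 10.0.0.22 GET http://example-new-host.test/x/44252857694444400000.dat 404",
]

if __name__ == "__main__":
    ind = parse_indicators(DROPPER_URLS)
    for host in ind["hosts"]:
        print("block host:", host)
    for hit in match_proxy_logs(SAMPLE_PROXY_LOG, ind):
        print("HIT", hit)
```

The third constructed line shows why the filename pivot matters: a host absent from the config still gets flagged because it serves the same 44252857694444400000.dat name, which is how additional distribution infrastructure for the same campaign is usually found.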

Targets

    • Target: Debt-Details-984143925-02252021.xls
    • Size: 144KB
    • MD5: be926d8d9c5d7c0cb708d216a71b7996
    • SHA1: 20dfb236563522567e681ff2a997705f29432d9d
    • SHA256: f5a72b0c7e02baef966450d6782bc59a1f8efa400e953e93001e2d9ea3fe530c
    • SHA512: fec7cd3ebc368a10dccd032f066727ba92fbb22e4a231300447b75d231d0ada6ebea55853ba5f742e502604424b0f0b125d9a19d243c554902c8207bfcdcc4f2

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates that the parent process (here, the Office process that opened the .xls) was compromised via an exploit or macro.
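The signature above is the behavioural counterpart of the extracted macro: Office should almost never be the parent of a shell or other arbitrary child. The following is an added example, not code from the sandbox report, showing that check over Sysmon Event ID 1-style records. The allowlist of legitimate Office children and the sample events are assumptions constructed for illustration; the child processes shown are not taken from this sample's behaviour.

```python
# Added example (not from the sandbox report): flag Office parents spawning
# children outside a small allowlist, i.e. the behaviour behind the
# "Process spawned unexpected child process" signature.
import ntpath

OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}
# Children Office legitimately launches (assumed; tune to your environment).
ALLOWED_CHILDREN = {"splwow64.exe", "werfault.exe", "dw20.exe"}


def basename(path):
    """Case-insensitive Windows basename; ntpath handles backslashes on any OS."""
    return ntpath.basename(path).lower()


def detect_unexpected_children(events):
    """events: iterable of dicts shaped like Sysmon Event ID 1 fields
    (ParentImage, Image, CommandLine, ProcessId). Returns one alert dict per
    Office parent whose child is not on the allowlist."""
    alerts = []
    for ev in events:
        parent = basename(ev.get("ParentImage", ""))
        child = basename(ev.get("Image", ""))
        if parent in OFFICE_PARENTS and child not in ALLOWED_CHILDREN:
            alerts.append({
                "parent": parent,
                "child": child,
                "pid": ev.get("ProcessId"),
                "cmdline": ev.get("CommandLine", ""),
            })
    return alerts


# Constructed sample events (not the analysed sample's real process tree).
SAMPLE_EVENTS = [
    {"ProcessId": 4120,
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "Image": r"C:\Windows\SysWOW64\cmd.exe",
     "CommandLine": "cmd.exe /c echo test"},
    {"ProcessId": 4133,
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "Image": r"C:\Windows\splwow64.exe",
     "CommandLine": "splwow64.exe"},
    {"ProcessId": 4140,
     "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe"},
]

if __name__ == "__main__":
    for alert in detect_unexpected_children(SAMPLE_EVENTS):
        print("ALERT", alert)
```

The second event (Excel launching the print spooler helper) is deliberately not flagged, and the third (Explorer launching cmd.exe) is outside the rule's scope; only the first, an Excel-spawned shell, produces an alert. Match on the basename rather than the full path so 32-bit and 64-bit install locations are both covered.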

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic           Technique                      ID      Count
Defense Evasion  Modify Registry                T1112   1
Discovery        Query Registry                 T1012   2
Discovery        System Information Discovery   T1082   2
