General

  • Target

    Debt-Details-1075875600-02252021.zip

  • Size

    28KB

  • Sample

    210225-5mlkqx7phn

  • MD5

    f2cd582358ccce8d083a2b9d4ee5b3c0

  • SHA1

    553f4d1885a8c716af2aef0e8cd973ec3b7a6ca7

  • SHA256

    c976fe40296e6ad05f65a23f922d5fbd70929055f97667c273b25d6e94a8580b

  • SHA512

    681d7dbbff9d201bc8ef0d2f9084a0dd45d0e2f5de606b94f673098e9bbcd63a39de8e315165955ccc1623dc5c13afa4b02b4f9c0af899b7d034d54c34173af6

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    http://oxcoz.com/nydprgwf/44252854640740700000.dat

    http://sharonbrockway.com/favohwn/44252854640740700000.dat

    http://outgrowmeinie.com/wcuiugnrebpk/44252854640740700000.dat

    http://sarayutseena-001-site1.gtempurl.com/kecljmkhyl/44252854640740700000.dat

    http://gtrans.group/prduod/44252854640740700000.dat

Targets

    • Target

      Debt-Details-1075875600-02252021.xls

    • Size

      144KB

    • MD5

      390f8d0597aa2a2e3b2a82ad03666972

    • SHA1

      fba5548633d05cead7f11f4dd7ff44684d15ce7d

    • SHA256

      2cfc6bd3a277dd42442ee633824d126c4fd16f206580c6360d6c2137936b525a

    • SHA512

      d2e73cdc9d8ec60ec129d0954af49ec1e3d050ca2d13e1a31ebf17f2b32a965082b3186433c149803eec05cde0cbdbf0f46a4810eb437d9f6f4a9c435c8e0ef1

    • Score

      10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry: T1112 (1)

  • Discovery

    Query Registry: T1012 (2)

    System Information Discovery: T1082 (2)
