General

  • Target: Cancellation_Letter_541411513-02242021.xls
  • Size: 143KB
  • Sample: 210225-ct8kpxgd6n
  • MD5: a7ba7bd69d41f3be1e69740c33c4fbf8
  • SHA1: d56bc9bf6e700c75b14322d174ff1c9fc881f3f0
  • SHA256: 0c611fc0b990b1269c7e5d98613c9e0ab4d3a1166370ed707b8d6063f05f6de0
  • SHA512: ebb05d62cda68f61440a326902db33ab69d2404410de6c01c1f184115cce579cf76b5654663c3502c67770118e022b7a9175a1cc62523ca4e57c2fe755ab47c6

Score: 10/10

Malware Config

Extracted

  • Language: xlm4.0
  • Source: URLs
  • xlm40.dropper: http://sumonpro.xyz/nseoqnwbbvmc/44252290155555600000.dat
  • xlm40.dropper: http://vngkinderopvang.nl/rmyjq/44252290155555600000.dat
  • xlm40.dropper: http://stadt-fuchs.net/gwixglx/44252290155555600000.dat
  • xlm40.dropper: http://hdmedia.pro/noexyryqori/44252290155555600000.dat
  • xlm40.dropper: http://www.fernway.com/xjhuljbqv/44252290155555600000.dat

Targets

    • Target: Cancellation_Letter_541411513-02242021.xls (143KB; hashes as listed under General)

    Score: 10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112): 1
  • Discovery: Query Registry (T1012): 2
  • Discovery: System Information Discovery (T1082): 2
