General

  • Target

    collected (83).zip

  • Size

    15KB

  • Sample

    210225-jtpjc6ypj6

  • MD5

    47ddde3a2a966936b0c450487a8e2b3c

  • SHA1

    0403b5bb0255ced7ab75b1e6bffe5e516af90af2

  • SHA256

    c7cfa6a32f433a067cdc28b90f3aa4216162ffec5b5f6191b512cc7ac036576c

  • SHA512

    7423ccf97cdec253aca8cc72e27409b0b5bb15ba500cb5341a4f02e2b7dea3f55f3f21c2fd6760c9b8eb39b0c0f16846abce31af1499a5b730090fe15f5fb21e

Score
10/10

Malware Config (Extracted)

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    http://ghtyrncjf2df.com/fb26.gif

Targets

    • Target

      document-1113685689.xls

    • Size

      88KB

    • MD5

      3d1e394bc230e5fdb0d8fe7df89882c3

    • SHA1

      b0f13a43258b0f8f82c3ebbcd3f4657b87156005

    • SHA256

      7c6704e534bab82cd948988dcbf0daa8074f3bea95574646854a5563d323016a

    • SHA512

      73bac3e4e6b2954a980f60db3bd38c059dee5984c0c62c01dc4639f1dfceb01d8dd31d7de76bd96bc3f33a94de2a3c378b751ba644be2637b72d44e8517852d5

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2
