General

  • Target

    Cancellation_Letter_49813862-02242021.zip

  • Size

    28KB

  • Sample

    210225-rql7gyhqgs

  • MD5

    970bd16657d10113bd6e86d97e371bb4

  • SHA1

    a860c29b831ccea1ac746d1a0f6e677102a9639d

  • SHA256

    6eb7f2dcc632b6d5824e2b601de62e32181fc6e443b184581da531f5d9dbfba6

  • SHA512

    9a13b717bb629d6b52837ee07225749814927fd27a56522f9ea562e567b70789fefa8d1f2fdeea633bf738169ea703c2997391d1df38f1bd154e876b97c49103

Score
10/10

Malware Config

Extracted

Language
xlm4.0

Source / URLs

  • xlm40.dropper
    http://jayshreewoods.com/kkcikakk/44252143816319500000.dat

  • xlm40.dropper
    http://old.hprgroup.pl/ideerdst/44252143816319500000.dat

  • xlm40.dropper
    http://youviral.in/nwkucot/44252143816319500000.dat

  • xlm40.dropper
    http://foodszo.com/axwsaj/44252143816319500000.dat

  • xlm40.dropper
    http://pactoporlaexcelenciaeducativa.mx/txaiuwgeayb/44252143816319500000.dat

Targets

    • Target

      Cancellation_Letter_49813862-02242021.xls

    • Size

      144KB

    • MD5

      cc80bd56850052e57c4bc0be1753abcf

    • SHA1

      b20db5d5906632d8a33eced3efa9fb478f3ad085

    • SHA256

      7be59273d824a97031e8519a0ec36ef9eed4c173427bce10cd9e2af54973d076

    • SHA512

      b0f091bf1938a7ea26b8f93f2fe3e935e2b7564d4367d1673e3b187b563d269c0b47a94f76e3b7a4959b075f8d7a00d53977efaca2e18eaf2e11c035969e5062

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2

Tasks