General

  • Target

    document (60).zip

  • Size

    60KB

  • Sample

    210225-yd183s1726

  • MD5

    d384b9a6272aa640576e4f445a6b4589

  • SHA1

    3dedb3057af05132c818ee03b6a40da5610a21e7

  • SHA256

    5874238f75457428f416333cd9d9a38b9d3597819b2bec60a32a2a2a48f5fa66

  • SHA512

    e273beb1f9452febc976d5f3291455183eaae098517138b4e88b94d5d7d287cd8f670d94d1e913339c3e3990eae6c2e11a7cbc84108de798291ca323a28ce489

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://neokenya.co.ke/ds/2402.gif

Targets

    • Target

      Document24852.xls

    • Size

      342KB

    • MD5

      a3bdf0de7ffa05fddf6c3e2e4ac70be5

    • SHA1

      88ed9dce0a0de22c64699dbf2d3f8800dc4e6a4d

    • SHA256

      8aec15f6b8a7cb7fd28c7a6ac60c1925a168e6bdf541de40fa2e4d8473802051

    • SHA512

      fd988171e24475461dc0a027a1c24eae2da54f60d83dbcd31ad68643a5e43ad4d3a1bec2f6884ecd6a787e8a077f037248aa4ef29cf6db71d6c4ff10ae7b4883

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic            Technique                      Count  ID
  Defense Evasion   Modify Registry                1      T1112
  Discovery         Query Registry                 2      T1012
  Discovery         System Information Discovery   2      T1082

Tasks