Overview

overview

10

Static

static

8

b4f99bb09f...ea.xls

windows7_x64

10

b4f99bb09f...ea.xls

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b4f99bb09f94b4f66d8bb6f205104f07919072ccd078c56df3bcde6e4cda80ea.xls

  • Size

    88KB

  • Sample

    210226-1sqatqblbj

  • MD5

    aec3be37da1a6205f995bce397e07ed0

  • SHA1

    ac1bb3dbc853e13b3c2208e3a728bf8db0d7aebb

  • SHA256

    b4f99bb09f94b4f66d8bb6f205104f07919072ccd078c56df3bcde6e4cda80ea

  • SHA512

    6047756631e48830e6d3d36cc48553616a320378917ef70ec42283d0f26f9f008970e72d4eafc21ad494d6ed0d85f4a6654fbe355e50e7e0027184bdadbd8612

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://fb25d3eda23hfy.com/fb26.gif

Targets

    • Target

      b4f99bb09f94b4f66d8bb6f205104f07919072ccd078c56df3bcde6e4cda80ea.xls

    • Size

      88KB

    • MD5

      aec3be37da1a6205f995bce397e07ed0

    • SHA1

      ac1bb3dbc853e13b3c2208e3a728bf8db0d7aebb

    • SHA256

      b4f99bb09f94b4f66d8bb6f205104f07919072ccd078c56df3bcde6e4cda80ea

    • SHA512

      6047756631e48830e6d3d36cc48553616a320378917ef70ec42283d0f26f9f008970e72d4eafc21ad494d6ed0d85f4a6654fbe355e50e7e0027184bdadbd8612

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks