General

  • Target

    found (36).zip

  • Size

    15KB

  • Sample

    210226-37jhpl6mts

  • MD5

    7ff3557921ff728cee4d4bf1ba0c2a5e

  • SHA1

    f15f605fa4c40d2f14ec8313157d6c8410a48146

  • SHA256

    d3c1380c0af72b817c650b399f136fb12af4be4b887161e25246f5eb4407345f

  • SHA512

    20cb1173127dd6045ad84e277f90d75ff5ee1eef47ad3ade31cbcfe57c2a082b27a6642ea0d5ff62be352409b2b1249de8c2490dfacd3a5e156bd8646f4611b5

  • Score

    10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    http://fb25d3erda23hfy.com/fb26.gif

Targets

    • Target

      document-6952992.xls

    • Size

      88KB

    • MD5

      5cb756746b0e93e42af4c81cec492d62

    • SHA1

      7b024183a379c0a2e075b26937b39ca11c04e432

    • SHA256

      a908a5ad48622201b6ebe4b6d28bc4584804c2246d9f49488ca496f1a88512eb

    • SHA512

      01cddc7c2f4d6c0a04a3eb18b8d09e387e6a7e63335ac8ab7e4b0e616c85a35a13393a40c92b19a1db49e950b4fc66f4ff173273e3433910720d9951af358a7f

    • Score

      10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry: T1112 (1)

  • Discovery

    Query Registry: T1012 (2)

    System Information Discovery: T1082 (2)

Tasks