General

  • Target

    attached (22).zip

  • Size

    14KB

  • Sample

    210303-cyf6s3tscs

  • MD5

    a594eb7f6b91ad21ab8f4844cca99bcf

  • SHA1

    41e47d27a90f6bf3c9cc795f049d1a5286fff079

  • SHA256

    846922f5633e8f805c5365d9dfde58b973adef1c22fe5ce33b03bd90e9326b76

  • SHA512

    2d3f64c8eec20aff578356c2c4f643ed9b3f896ffc025d5c102a6da68a504320d1a8cd145d5844eda0f7fec67ae94a82b06223ae47ed01960418f38ed4603c0d

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    http://wlog28dzzmi02spfin.com/mrch.gif

Targets

    • Target

      document-1541761416.xls

    • Size

      86KB

    • MD5

      36940b6627143038880da0a81dc9f7df

    • SHA1

      d4c2f6b0e04c5678cadb31d26286aca58c5baab8

    • SHA256

      effa3b97b8d62971388819456ada7a792b772b05d7d02d3c4f97bfa1a6056c00

    • SHA512

      c27a75ea1289af591cc6296435b6a05b8f5ed4f2c144ed4f578d0c6e5306e7e8a8e374473c3b40c761f56e5b8637c83fa72381aa5f38147bb624116382501587

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates that the parent process was compromised via an exploit or a malicious macro: an Office application that has just opened a document has no ordinary reason to start a new process.
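The signature above is, at its core, a parent/child check over process-creation telemetry: the Office process that parsed the sheet should not be creating children. The following is an added example, not the sandbox's own rule, showing how that check is written against Sysmon-style Event ID 1 fields (Image, ParentImage, CommandLine). The events are constructed for illustration; the report does not show which child EXCEL.EXE spawned or its command line, and the allowlist of expected children is an assumption to tune per estate.

```python
"""Flag Office applications that spawn unexpected child processes.

Added example, not part of the sandbox report. Assumes Sysmon-style
process-creation events represented as dicts; all sample events below
are constructed and do not reproduce the report's actual process tree.
"""
from __future__ import annotations

import ntpath

# Office hosts that can run macros; a child of any of these is suspicious.
OFFICE_IMAGES = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}

# Children an Office app legitimately creates (printing, crash reporting,
# re-launching itself). Assumption: tune this list for your environment.
EXPECTED_CHILDREN = {
    "splwow64.exe", "werfault.exe", "dw20.exe",
    "excel.exe", "winword.exe", "powerpnt.exe",
}

# Binaries a dropper commonly hands a downloaded payload to (constructed
# list for the example; the report does not name the child process).
PAYLOAD_LOADERS = {"regsvr32.exe", "rundll32.exe", "mshta.exe",
                   "cmd.exe", "powershell.exe", "wscript.exe"}


def basename(path: str) -> str:
    """Return the lower-cased file name of a Windows path (works on any OS)."""
    return ntpath.basename(path).lower()


def is_unexpected_child(event: dict) -> bool:
    """True when an Office host spawns a child outside the allowlist."""
    parent = basename(event.get("ParentImage", ""))
    child = basename(event.get("Image", ""))
    if parent not in OFFICE_IMAGES:
        return False
    return child not in EXPECTED_CHILDREN


def severity(event: dict) -> str:
    """Rank a flagged event: a known loader child is 'high', else 'medium'."""
    return "high" if basename(event.get("Image", "")) in PAYLOAD_LOADERS else "medium"


def find_unexpected_children(events: list[dict]) -> list[dict]:
    """Return flagged events annotated with a severity field."""
    hits = []
    for ev in events:
        if is_unexpected_child(ev):
            hits.append({**ev, "severity": severity(ev)})
    return hits


# Constructed sample telemetry (not from the report).
OFFICE_PATH = r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"
SAMPLE_EVENTS = [
    # Benign: Excel starts the print spooler helper.
    {"EventID": 1, "Image": r"C:\Windows\splwow64.exe",
     "ParentImage": OFFICE_PATH, "CommandLine": "splwow64.exe 12288"},
    # Suspicious: Excel hands a downloaded file to regsvr32 (constructed).
    {"EventID": 1, "Image": r"C:\Windows\System32\regsvr32.exe",
     "ParentImage": OFFICE_PATH,
     "CommandLine": r"regsvr32.exe /s C:\Users\Public\payload.dll"},
    # Unrelated: cmd.exe under explorer.exe is not an Office child.
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "CommandLine": "cmd.exe"},
]

if __name__ == "__main__":
    for hit in find_unexpected_children(SAMPLE_EVENTS):
        print(f"[{hit['severity']}] {basename(hit['ParentImage'])} -> "
              f"{basename(hit['Image'])}: {hit['CommandLine']}")
```

Run against the constructed events, only the regsvr32.exe child is reported. The allowlist is what keeps the rule quiet on legitimate printing and crash-reporting children; the loader list only affects the severity label, so an unknown child is still surfaced rather than dropped.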

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2
