Overview

overview

10

Static

static

8

81b8467659...3.xlsb

windows7_x64

10

81b8467659...3.xlsb

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    81b846765978f2eed8e4e9ef5e6187a551694a51e5ffeb19d77b03f8a6ccc523.xlsb

  • Size

    197KB

  • Sample

    210303-twdck89tm6

  • MD5

    f56b13a4531308320270298e8c2ea192

  • SHA1

    25c0468d4ba09f05c0c75c5e0ac74583f3fd0ba2

  • SHA256

    81b846765978f2eed8e4e9ef5e6187a551694a51e5ffeb19d77b03f8a6ccc523

  • SHA512

    d1860d21fcde6917777cb08b720f5987007ddbf5422208d0216dd7d5773f2c5d189d60add88f859d81d3a659449e56c3771978346dc3bcde49fb08cae9b23737

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://195.123.219.21/campo/t3/t3

Targets

    • Target

      81b846765978f2eed8e4e9ef5e6187a551694a51e5ffeb19d77b03f8a6ccc523.xlsb

    • Size

      197KB

    • MD5

      f56b13a4531308320270298e8c2ea192

    • SHA1

      25c0468d4ba09f05c0c75c5e0ac74583f3fd0ba2

    • SHA256

      81b846765978f2eed8e4e9ef5e6187a551694a51e5ffeb19d77b03f8a6ccc523

    • SHA512

      d1860d21fcde6917777cb08b720f5987007ddbf5422208d0216dd7d5773f2c5d189d60add88f859d81d3a659449e56c3771978346dc3bcde49fb08cae9b23737

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks