General

  • Target

    Overdue-Debt-1089231007-03042021.xls

  • Size

    76KB

  • Sample

    210304-cn5x1q7ktn

  • MD5

    a247cc778977b46e22181cd610c74b14

  • SHA1

    0c46f44b4b6add517fdee6dfda3f83d744a1fb94

  • SHA256

    f668f2176db468225b7ab8aadcf25cf57f4efed40eafdf745d7248601a72eacd

  • SHA512

    95b8cedf292769e9bb8a4f192869a4caaae62e8612dfd19fdcc9bf8cd676058a6dffbbcb2c1af6265047e1444e257269181e497673028060336da193d92e2e9b

Score
10/10

Malware Config

Extracted

Language: xlm4.0

Source: xlm40.dropper

URLs:

  • http://giftcard16.com/ozdomsmm/44259.7173152778.jpg

  • http://www.ausfencing.org/pafmwptlztwo/44259.7173152778.jpg

  • http://mubasharhussain.ml/lwjiel/44259.7173152778.jpg

  • http://artisthub.farahasmar.com/bzdydzj/44259.7173152778.jpg

  • http://rrmmarketing.com/qqduill/44259.7173152778.jpg

Targets

    • Target

      Overdue-Debt-1089231007-03042021.xls

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic             Technique                      Count  ID
Defense Evasion    Modify Registry                1      T1112
Discovery          Query Registry                 2      T1012
Discovery          System Information Discovery   2      T1082
