General

  • Target

    Overdue-Debt-1978216329-03042021.xls

  • Size

    76KB

  • Sample

    210304-k376nc3een

  • MD5

    bb4921e104b88ec0b849dd4043e5c3cd

  • SHA1

    e0944cb8c0afc61669d1b5ba470bb72cacf17322

  • SHA256

    5aed5c40925066f46d71a4954e71b1b243d0bb3742c8a914ca6d81f2696f09e4

  • SHA512

    3bfce802297f47487fc69e6b47df277d44cebf58db1d24d84a4b0a1fb8116f84957069aec2aa290ea65193c596faf8999f415f983c58e907d1922aafc46d1b7d

Score
10/10

Malware Config

Extracted

  Language: xlm4.0

  Source           URL
  xlm40.dropper    http://giftcard16.com/ozdomsmm/44259.7029836806.jpg
  xlm40.dropper    http://www.ausfencing.org/pafmwptlztwo/44259.7029836806.jpg
  xlm40.dropper    http://mubasharhussain.ml/lwjiel/44259.7029836806.jpg
  xlm40.dropper    http://artisthub.farahasmar.com/bzdydzj/44259.7029836806.jpg
  xlm40.dropper    http://rrmmarketing.com/qqduill/44259.7029836806.jpg

Targets

    • Target

      Overdue-Debt-1978216329-03042021.xls

    • Size

      76KB

    • MD5

      bb4921e104b88ec0b849dd4043e5c3cd

    • SHA1

      e0944cb8c0afc61669d1b5ba470bb72cacf17322

    • SHA256

      5aed5c40925066f46d71a4954e71b1b243d0bb3742c8a914ca6d81f2696f09e4

    • SHA512

      3bfce802297f47487fc69e6b47df277d44cebf58db1d24d84a4b0a1fb8116f84957069aec2aa290ea65193c596faf8999f415f983c58e907d1922aafc46d1b7d

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic            Technique                       Count   ID
  Defense Evasion   Modify Registry                 1       T1112
  Discovery         Query Registry                  2       T1012
  Discovery         System Information Discovery    2       T1082
