Overview

overview

10

Static

static

8

Overdue-De...21.xls

windows7_x64

10

Overdue-De...21.xls

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Overdue-Debt-1393058072-03042021.xls

  • Size

    76KB

  • Sample

    210304-l2fyj1l6js

  • MD5

    d9d1d7afc86db20f7b3b0d5e2c49eec3

  • SHA1

    63474d3cdb01d8720280eee68beaf39406a8174a

  • SHA256

    cf9d55ffc69e92292eb9a896edc0db213ea28cabcedeee6a7cf5c8e65f164fe7

  • SHA512

    c26a65f55cc6d29ce5bd0224e8a598ee1671f2384f49a7fa6b3dc38ac4adc46d98ce0ae945282a0b1e121727ef6b3b7025e4688d148d7727ecf3ce5cdbd0330f

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://depositcontact.com/sjhqomzn/44259.710768287.jpg
xlm40.dropper

http://maverickcracks.com/evcxweyir/44259.710768287.jpg
xlm40.dropper

http://bladdercracks.com/yxxqegof/44259.710768287.jpg
xlm40.dropper

http://formulateaccountant.com/lrzxajo/44259.710768287.jpg

Targets

    • Target

      Overdue-Debt-1393058072-03042021.xls

    • Size

      76KB

    • MD5

      d9d1d7afc86db20f7b3b0d5e2c49eec3

    • SHA1

      63474d3cdb01d8720280eee68beaf39406a8174a

    • SHA256

      cf9d55ffc69e92292eb9a896edc0db213ea28cabcedeee6a7cf5c8e65f164fe7

    • SHA512

      c26a65f55cc6d29ce5bd0224e8a598ee1671f2384f49a7fa6b3dc38ac4adc46d98ce0ae945282a0b1e121727ef6b3b7025e4688d148d7727ecf3ce5cdbd0330f

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks