Overview

overview

10

Static

static

8

SecuriteIn...77.xls

windows7_x64

10

SecuriteIn...77.xls

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SecuriteInfo.com.Heur.18154.14877

  • Size

    188KB

  • Sample

    210304-qcjqkvpr3a

  • MD5

    da5de746eedc1d8b6ce299e62c11d822

  • SHA1

    fd2ec0a01305c9ec7a81bbf34bbb802649c0f72a

  • SHA256

    d6cc8bb9fb94ae2a9b12e15db534cb5c021c37fc104b46c7db8096e1f1108740

  • SHA512

    1eda1d9e2de0e6483e730098bcbf08856bd9c8c41c15749b5d359b2d091ff39dcc68ffa16a96a76bbe0a207e26f88f17c55232dad76c4c88226a85e8afc48fc6

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://davidachim.com/wpold/document.php

Targets

    • Target

      SecuriteInfo.com.Heur.18154.14877

    • Size

      188KB

    • MD5

      da5de746eedc1d8b6ce299e62c11d822

    • SHA1

      fd2ec0a01305c9ec7a81bbf34bbb802649c0f72a

    • SHA256

      d6cc8bb9fb94ae2a9b12e15db534cb5c021c37fc104b46c7db8096e1f1108740

    • SHA512

      1eda1d9e2de0e6483e730098bcbf08856bd9c8c41c15749b5d359b2d091ff39dcc68ffa16a96a76bbe0a207e26f88f17c55232dad76c4c88226a85e8afc48fc6

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks