General

  • Target: Debt-Details-1834028850-03052021.xls
  • Size: 78KB
  • Sample: 210305-7xnkjjgq72
  • MD5: 5df7651d6c9e21ddcebea3a717e0ed78
  • SHA1: 2605972f724e084965e95779c1e42d8019463e71
  • SHA256: d62710d9f65ef74cfd3a55ffede0a936d1cd1ab30fa43c4717cfe9678e873135
  • SHA512: 86dd48f466c21e65053ce368b78c89b15d8898213f35c93783944aa80c752c56a6711671beaf7bb3827b4f1978b352c57cb6380c5203cfad79117a565db3b37f
  • Score: 10/10

Malware Config

Extracted

  • Language: xlm4.0
  • Source: xlm40.dropper
  • URLs:
    http://catch-laetitia.com/mtrfbi/44260.7020490741.dat
    http://placevirus.com/zoljiieoo/44260.7020490741.dat
    http://datbanhchungtet.com/vkaleaz/44260.7020490741.dat
    http://anklebreed.xyz/tcinmcstqll/44260.7020490741.dat
    http://codexive.xyz/omdfwjqyglhx/44260.7020490741.dat

Targets

    • Target: Debt-Details-1834028850-03052021.xls (size, hashes and score as listed under General)
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic             Technique                       Count   ID
  Defense Evasion    Modify Registry                 1       T1112
  Discovery          Query Registry                  2       T1012
  Discovery          System Information Discovery    2       T1082

Tasks