General

  • Target

    Debt-Details-292687744-03052021.xls

  • Size

    78KB

  • Sample

    210305-944kmjpmd6

  • MD5

    afd804d298d7017937aeae6292b02e04

  • SHA1

    45d675b25e75e87ee7d5bc234a2017e387d5115c

  • SHA256

    8489048aac28b7481d939ef400ef39a8af9a7de2f4c8785ca556e89f0cecbf79

  • SHA512

    86ffb76955829aea983415292256f16c0b4e1989a32457cba1f95cb28a0d52e0acacc0e8856f9dc3832d7b2d71d9fa1ad13a79d23f516c04925dd077d03ff3da

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    http://kosherbansko.com/vozrhzftc/44260.8296322917.dat
    http://beautyhair.by/rkqhopvrb/44260.8296322917.dat
    http://trysaileggplants.com/xbbomazcknz/44260.8296322917.dat
    http://giftcard16.com/pghxph/44260.8296322917.dat
    http://www.ausfencing.org/jqikucbefrth/44260.8296322917.dat

Targets

    • Target

      Debt-Details-292687744-03052021.xls

    • Size

      78KB

    • MD5

      afd804d298d7017937aeae6292b02e04

    • SHA1

      45d675b25e75e87ee7d5bc234a2017e387d5115c

    • SHA256

      8489048aac28b7481d939ef400ef39a8af9a7de2f4c8785ca556e89f0cecbf79

    • SHA512

      86ffb76955829aea983415292256f16c0b4e1989a32457cba1f95cb28a0d52e0acacc0e8856f9dc3832d7b2d71d9fa1ad13a79d23f516c04925dd077d03ff3da

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2
    System Information Discovery (T1082): 2
