General

  • Target

    Debt-Details-483071328-03052021.zip

  • Size

    13KB

  • Sample

    210305-qaj64jrfss

  • MD5

    43930d279cf21042e6156f99d9db8f91

  • SHA1

    8d2516b923832ed033d575e9d4cf881905786973

  • SHA256

    d7b7220af5d1c3266dafd0cada2e8351701bda16ddfe8ff0dc83696aaa451a22

  • SHA512

    93d83d7a5dd1b477ac8c4e6b0c318bf44b4b1f1cee55207b44904876e3e290b9eea2079bcd3be729d7b63023674ef13b9965a319355c51dbb1c26fa50bbff8d1

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper (same source for each of the five URLs below)

  • URLs

    http://catch-laetitia.com/mtrfbi/44260.7525686343.dat
    http://placevirus.com/zoljiieoo/44260.7525686343.dat
    http://datbanhchungtet.com/vkaleaz/44260.7525686343.dat
    http://anklebreed.xyz/tcinmcstqll/44260.7525686343.dat
    http://codexive.xyz/omdfwjqyglhx/44260.7525686343.dat

Targets

    • Target

      Debt-Details-483071328-03052021.xls

    • Size

      78KB

    • MD5

      cc88b3cfe0d4149b7d8fb0de103bdbb6

    • SHA1

      3db71668e8964f6d12d0388c552ef428f5a20c6c

    • SHA256

      8305be9da57cff9ed85b512e99d68e193c88000f725cb43554a59a49fd5c3532

    • SHA512

      d3dbab35100b8a51ceb0d18adb1805b30175d4f0bf2ccfc6e90f65431c9d8468d70a9ca87137f3ae4658d502c66462f34c90cf7e926ca0410c85c5ef45729854

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2
    System Information Discovery (T1082): 2

Tasks