General

  • Target: Overdue-Debt-2011551101-03042021.zip
  • Size: 13KB
  • Sample: 210305-x956w2ccsx
  • MD5: e56501a3d6fc7069d3c7ba7953df5f23
  • SHA1: 263de38cf72cf5541e2f60260f8bfd5d743c26ce
  • SHA256: 72d8d9465371cb6b97738d6eb6cf22c4ac2de4c391cf67b71af7f125ecef7366
  • SHA512: ea1c347a7419bf512958dc06bc3049dea777c8b232362cef016583809e65d53efc91e520d72084d38e99b9c2a27510fa0bd850158ea6452f78b644a29b7a055f

Score: 10/10

Malware Config

Extracted

  • Language: xlm4.0 (Excel 4.0 macro)
  • Source URLs (each of type xlm40.dropper):
      http://giftcard16.com/ozdomsmm/44260.3414311343.jpg
      http://www.ausfencing.org/pafmwptlztwo/44260.3414311343.jpg
      http://mubasharhussain.ml/lwjiel/44260.3414311343.jpg
      http://artisthub.farahasmar.com/bzdydzj/44260.3414311343.jpg
      http://rrmmarketing.com/qqduill/44260.3414311343.jpg

Targets

    • Target: Overdue-Debt-2011551101-03042021.xls
    • Size: 76KB
    • MD5: 7a47928a225ce7f7ed46588ce33461d8
    • SHA1: 2ac088f42877472f9577f1d4b5ec7d103dcbb9db
    • SHA256: 7c5747c236ee6957a2cc3c33dba9d2888d8c1276430d3fc06f5c4b8552d55b3d
    • SHA512: cf88be8d972a344da19b50a77c76102855f8f5167c00b63b798a4b0878d1d3c62dce5ab421a6d91e3b2b5f25c5a2c5605c0a1e3fdf21fd62b499e9468bbfbb60
    • Score: 10/10

    Signatures

    • Process spawned unexpected child process
      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion
      Modify Registry (T1112): 1 hit
  • Discovery
      Query Registry (T1012): 2 hits
      System Information Discovery (T1082): 2 hits
