General

  • Target: Debt-Details-1866838507-03052021.zip
  • Size: 13KB
  • Sample: 210306-dr7mg6xb2a
  • MD5: 46b7f4c9291acd79df08265423042055
  • SHA1: 9ee994960307ca309008ea6616a02219b69c1981
  • SHA256: d86896f1def9f83dac839aec032825ec7034dbe11ac0a4d80e24620fe8c1341a
  • SHA512: ce3cd29a5b47e70f6cc1e77855e41f22f11eb49fd8d50aa3cacab9c22eb7d0164c7f57e49c39dd5cc60bd826c32136ded9597641af13d55902295754f4791f51

Score: 10/10

Malware Config

Extracted

  • Language: xlm4.0
  • Source: xlm40.dropper
  • URLs:
    • http://kosherbansko.com/vozrhzftc/44261.2650854167.dat
    • http://beautyhair.by/rkqhopvrb/44261.2650854167.dat
    • http://trysaileggplants.com/xbbomazcknz/44261.2650854167.dat
    • http://giftcard16.com/pghxph/44261.2650854167.dat
    • http://www.ausfencing.org/jqikucbefrth/44261.2650854167.dat

Targets

    • Target: Debt-Details-1866838507-03052021.xls
    • Size: 78KB
    • MD5: 8c01f8797ce7a38a48ea85806ff0f27b
    • SHA1: f350104ed4321364a275b6dcd27f24b8a3a50164
    • SHA256: e28619a0407b048a7a5f9875ad8725bc39ff8fc02172c0ead54de82265156b33
    • SHA512: 451063610fcb2bd6861831ff8e549adc78f8e25ce8235f4029dc635f47481c019bdcb8fa8c8ed399daa5ae20f7cc8b5dbe2a92f32a336830d24f0190d31090f3

    Score: 10/10

    • Process spawned unexpected child process
      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • Modify Registry (T1112): 1

Discovery

  • Query Registry (T1012): 2
  • System Information Discovery (T1082): 2
