General

  • Target

    Complaint-Copy-1927053634-03092021.zip

  • Size

    13KB

  • Sample

    210309-6cahx8qeme

  • MD5

    346b695251b68d8e9f16fb546048c583

  • SHA1

    2dba4090ab4d30bb21110fde2c38c67120b366d5

  • SHA256

    6bba0baf20f0f2165bef7b18926888ea4aaa15180d1ffed72156bf012bea34a1

  • SHA512

    1a58d39232dbbb7680951f58505802864c74cc0ffe25366133d40332bde9ff6ce512fd4b986954f28498735c213b5b83f5fc9501c922828e43864bbef7263eb1

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    http://edgethefoundation.com/owdkvdylem/44264.8594305556.dat

    http://thehealthandwellbeingclub.com/vrplxjytfbp/44264.8594305556.dat

    http://aslambek.eu/nqyxczidjed/44264.8594305556.dat

    http://samsung-drivers.xyz/npbpm/44264.8594305556.dat

    http://osrsport.com/tlftzsi/44264.8594305556.dat

Targets

    • Target

      Complaint-Copy-1927053634-03092021.xls

    • Size

      80KB

    • MD5

      3d3344db6ca918a41414d5712ec6c16a

    • SHA1

      9770c2bc620f2c9eed763b456b5bbc97e26c0500

    • SHA256

      3811f51730cc6dd2da284094e7584f352080ebd10fea0469aae28d207daa6ee9

    • SHA512

      1c4c362ee50e8ffa40f5d8482e61f11078754eec548e9b9d5b773c777a14cc0b8a1f45e71bb54083168917769f6a52fd6f85edc46c869cfc7c34c06f9b8d96ab

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2

Tasks