Overview

overview

10

Static

static

8

Complaint-...21.xls

windows7_x64

10

Complaint-...21.xls

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Complaint-Copy-586583352-03092021.zip

  • Size

    13KB

  • Sample

    210309-8fp1dc6w9s

  • MD5

    9f63b021d3233b2895e542b7d96306a4

  • SHA1

    90c65a0e1649143d099ef91313525f30b7826b52

  • SHA256

    76fe96d3bf7ac8c80fb1a41f2dce3dc25e4e92b7b9bd07ea77971d6eacaa3418

  • SHA512

    8c5106732bfa650cb12764239ebf107de1ed1dba3e67d63a3a77e39d574bce3ffe2b289ca7b690d0cd81c29d815c6080187f37eba1659d28de8f7cfcd0abd6a5

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://www.kncomputers.com/zbremh/44264.8228959491.dat
xlm40.dropper

http://pureaqua.pk/foioij/44264.8228959491.dat
xlm40.dropper

http://sklep.omax.pl/bahuvxwm/44264.8228959491.dat
xlm40.dropper

http://nirvanaeyehospital.com/tabnhw/44264.8228959491.dat
xlm40.dropper

http://simplithy.co.uk/hxxnhl/44264.8228959491.dat

Targets

    • Target

      Complaint-Copy-586583352-03092021.xls

    • Size

      80KB

    • MD5

      c59317100bd570df0a5729f966f1d841

    • SHA1

      5d4e7fd3ecafad8c999e82a7cdc95efe3d04447d

    • SHA256

      c7a7d8e5ba1e52d7fdcc0ebabc1a0b11b6cf87281bfdcab8f9945588c8c8903c

    • SHA512

      fd77b45c1e41a58de7e7c2d5e4b1faa7036c2a065e8f24c26df39ef8ab91c449864036e4f45ac0ad9c31a13e6ce0fb100a3b0ae28bc3633555a774cfca12d19e

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks