General

  • Target

    Complaint-Copy-229880411-03092021.zip

  • Size

    13KB

  • Sample

    210309-apyfb4t6tx

  • MD5

    8fe76aa68c93cd427bd5bf0e320798bf

  • SHA1

    bbfebc91b8b1821af34d8e416b174d07c7ed1710

  • SHA256

    78452ce2b8b3434738d7d77450dee01400bc6509a5acd28a616b363dccf64c6b

  • SHA512

    301c4d3be151bb135a91cda7b38d9125f6cc3453bc801ce7477195f7be91589742f3ce5d140417a513ce270c338592a5753723b952dd7e10af8cd2eea4bb8b50

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0 (Excel 4.0 macro, i.e. a legacy XLM macro sheet rather than VBA)

  • Source

    xlm40.dropper

  • URLs

    All five URLs carry the same payload name, 44264.8224950231.dat, under a different short random directory on each host:

    http://www.kncomputers.com/zbremh/44264.8224950231.dat
    http://pureaqua.pk/foioij/44264.8224950231.dat
    http://sklep.omax.pl/bahuvxwm/44264.8224950231.dat
    http://nirvanaeyehospital.com/tabnhw/44264.8224950231.dat
    http://simplithy.co.uk/hxxnhl/44264.8224950231.dat

Targets

    • Target

      Complaint-Copy-229880411-03092021.xls

    • Size

      80KB

    • MD5

      3380b28f67bf1f41c7b42da78f94fe2b

    • SHA1

      5cbf716bfb4201fbc905f643f07d181123a7d123

    • SHA256

      56dd80b27c4010a429a663feccdc0e1896e5ca51ddb45604478d02e00cdc5c70

    • SHA512

      c424d751c676c5b7ef1cc702a2a16b7638482718555c0377edf522718a6acd0c60e30797d00a896c2dd76bf62446e4b37dbeaae87e20ad332a14d2e4b9f0c5c7

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro. Here the parent is the Excel process opening the lure workbook; an Office application spawning a child outside its normal set is the single most reliable behavioural signal for this family of droppers.
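Two things a responder would want to do with this report are turn the extracted config into hunt indicators and turn the "unexpected child process" signature into detection logic. The following is an added example, not part of the Triage report and not code from the sample. It treats the numeric payload name as an Excel date serial; the report does not say this, but serial 44264 corresponds to 2021-03-09, which matches the date embedded in the lure filename, so the assumption is labelled in the code. The process-creation log lines, the log format and the allowlist of benign Office children are constructed for illustration and are not taken from the sandbox run.

```python
import re
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlparse

# Dropper URLs copied from the report's extracted XLM 4.0 config.
DROPPER_URLS = [
    "http://www.kncomputers.com/zbremh/44264.8224950231.dat",
    "http://pureaqua.pk/foioij/44264.8224950231.dat",
    "http://sklep.omax.pl/bahuvxwm/44264.8224950231.dat",
    "http://nirvanaeyehospital.com/tabnhw/44264.8224950231.dat",
    "http://simplithy.co.uk/hxxnhl/44264.8224950231.dat",
]

# Path shape shared by all five URLs: /<random dir>/<integer>.<fraction>.dat
PAYLOAD_PATH_RE = re.compile(r"^/[A-Za-z0-9]+/(\d+)\.(\d+)\.dat$")

# Excel's 1900 date system: serial 1 is 1900-01-01, but Excel also counts a
# non-existent 1900-02-29 (serial 60), so for any modern date the correct
# epoch to add the serial to is 1899-12-30.
EXCEL_EPOCH = datetime(1899, 12, 30)


def excel_serial_to_datetime(serial: float) -> datetime:
    """Convert an Excel 1900-system date serial (NOW()-style float) to a naive
    datetime. The builder's timezone is unknown, so no tzinfo is attached."""
    return EXCEL_EPOCH + timedelta(days=serial)


def parse_dropper_url(url: str) -> Optional[Dict]:
    """Split a dropper URL into host, path and the numeric payload name.

    ASSUMPTION (not stated by the report): the payload name is an Excel date
    serial. 44264 = 2021-03-09, matching the lure filename's 03092021.
    """
    p = urlparse(url)
    m = PAYLOAD_PATH_RE.match(p.path)
    if not m:
        return None
    serial = float(f"{m.group(1)}.{m.group(2)}")
    return {
        "host": p.hostname,
        "path": p.path,
        "payload": p.path.rsplit("/", 1)[-1],
        "serial": serial,
        "serial_time": excel_serial_to_datetime(serial),
    }


def extract_iocs(urls: List[str]) -> Dict:
    """Collapse the URL list into hunt-ready indicators (hosts, payload names,
    and the decoded timestamp shared by the payload names)."""
    parsed = [r for r in (parse_dropper_url(u) for u in urls) if r]
    return {
        "hosts": sorted({r["host"] for r in parsed}),
        "payload_names": sorted({r["payload"] for r in parsed}),
        "serial_times": sorted({r["serial_time"] for r in parsed}),
    }


# Office binaries that should almost never spawn scripting or LOLBin children.
OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}
# Hypothetical allowlist of children Office legitimately spawns; tune per estate.
BENIGN_CHILDREN = {"splwow64.exe", "werfault.exe", "dw20.exe"}

# Constructed process-creation events (NOT from the report's sandbox run), in a
# simplified "<timestamp> parent=<image> child=<image>" shape.
SAMPLE_PROCESS_LOG = """\
2021-03-09T19:50:01Z parent=explorer.exe child=EXCEL.EXE
2021-03-09T19:50:04Z parent=EXCEL.EXE child=splwow64.exe
2021-03-09T19:50:07Z parent=EXCEL.EXE child=cmd.exe
2021-03-09T19:50:09Z parent=svchost.exe child=cmd.exe
"""

EVENT_RE = re.compile(r"^(\S+) parent=(\S+) child=(\S+)$")


def find_unexpected_office_children(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (timestamp, parent, child) for every Office parent that spawns a
    child outside the allowlist: the behaviour behind the report's
    'Process spawned unexpected child process' signature."""
    hits = []
    for line in log_text.splitlines():
        m = EVENT_RE.match(line)
        if not m:
            continue
        ts, parent, child = m.groups()
        if parent.lower() in OFFICE_PARENTS and child.lower() not in BENIGN_CHILDREN:
            hits.append((ts, parent, child))
    return hits


if __name__ == "__main__":
    iocs = extract_iocs(DROPPER_URLS)
    print("hosts:", ", ".join(iocs["hosts"]))
    print("payload:", iocs["payload_names"], "serial decodes to", iocs["serial_times"])
    for hit in find_unexpected_office_children(SAMPLE_PROCESS_LOG):
        print("ALERT unexpected Office child:", hit)
```

The decoded serial gives a date and time of day that a hunter can use to pivot: because the same payload name appears on all five compromised hosts, any other URL ending in that name, or in a nearby serial, is worth pulling. Block on the hosts only after confirming they are compromised legitimate sites, since all five look like ordinary small-business domains rather than attacker-registered infrastructure.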

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112), count: 1

  • Discovery

    Query Registry (T1012), count: 2
    System Information Discovery (T1082), count: 2

Tasks