General

  • Target

    Complaint-Copy-645863057-03092021.xls

  • Size

    80KB

  • Sample

    210309-k43b1n5srs

  • MD5

    82952988f87c14f9164447079f092c76

  • SHA1

    fcf9a5ab347f01883e467699082947e560819e9a

  • SHA256

    53ab347ad2644e27bca72205d9dd9dcdba6852c150c5b4211c654f9230e4548e

  • SHA512

    c120e2e95ad557c0f8f0b96039b7535771a1aee6d13cb7c854b62f3cfd6491c2448c426e2694f0e3a2abea6db6f48e978df066e381382a88a55bf9ef27233882

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    http://www.kncomputers.com/zbremh/44264.8623118056.dat

    http://pureaqua.pk/foioij/44264.8623118056.dat

    http://sklep.omax.pl/bahuvxwm/44264.8623118056.dat

    http://nirvanaeyehospital.com/tabnhw/44264.8623118056.dat

    http://simplithy.co.uk/hxxnhl/44264.8623118056.dat
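The five extracted URLs share one shape: a compromised-looking host, a short random directory, and the same numeric file name on every host. That numeric part reads as an Excel serial date/time, and 44264 is 2021-03-09, the date in the sample's own file name. The script below is an added triage example, not part of this report or of the sandbox's tooling; the URL regex is a generalisation inferred from these five URLs, and the reading of the number as an Excel serial (as the macro's NOW() would produce) is an assumption stated in the comments. It parses the config URLs, decodes the serial, lists the hosts to hunt for, and checks a file's hashes against the ones listed above.

```python
"""Triage helpers for the xlm40.dropper IOCs in this report (added example)."""
import hashlib
import re
from datetime import datetime, timedelta
from urllib.parse import urlparse

# The five dropper URLs copied from the report's Malware Config section.
DROPPER_URLS = [
    "http://www.kncomputers.com/zbremh/44264.8623118056.dat",
    "http://pureaqua.pk/foioij/44264.8623118056.dat",
    "http://sklep.omax.pl/bahuvxwm/44264.8623118056.dat",
    "http://nirvanaeyehospital.com/tabnhw/44264.8623118056.dat",
    "http://simplithy.co.uk/hxxnhl/44264.8623118056.dat",
]

# Hashes of the sample exactly as listed in the report.
SAMPLE_HASHES = {
    "md5": "82952988f87c14f9164447079f092c76",
    "sha1": "fcf9a5ab347f01883e467699082947e560819e9a",
    "sha256": "53ab347ad2644e27bca72205d9dd9dcdba6852c150c5b4211c654f9230e4548e",
}

# ASSUMED generalisation of the observed URL shape: one short lowercase
# directory, then <5-digit integer>.<fraction>.dat. Only the five URLs above
# are confirmed; the lengths and character classes are an inference.
DROPPER_PATH_RE = re.compile(r"^/[a-z]{4,10}/(\d{5})\.(\d{6,12})\.dat$")

# Excel's 1900 date system: for serials above 60 (after the phantom
# 1900-02-29) serial + this epoch gives the real calendar date.
EXCEL_EPOCH = datetime(1899, 12, 30)


def excel_serial_to_datetime(serial: str) -> datetime:
    """Convert an Excel serial date/time such as '44264.8623118056' to a datetime.

    ASSUMPTION: the number in the URL is an Excel serial (e.g. from NOW()).
    """
    return EXCEL_EPOCH + timedelta(days=float(serial))


def parse_dropper_url(url: str):
    """Return host/directory/serial/timestamp if the URL has the dropper shape, else None."""
    parts = urlparse(url)
    m = DROPPER_PATH_RE.match(parts.path)
    if parts.scheme != "http" or not m:
        return None
    serial = f"{m.group(1)}.{m.group(2)}"
    return {
        "host": parts.netloc,
        "directory": parts.path.split("/")[1],
        "serial": serial,
        "timestamp": excel_serial_to_datetime(serial),
    }


def matches_dropper_pattern(url: str) -> bool:
    """True for URLs shaped like the extracted dropper URLs (proxy-log hunting)."""
    return parse_dropper_url(url) is not None


def dropper_hosts(urls=DROPPER_URLS):
    """Sorted, de-duplicated hosts to block or search for in DNS/proxy logs."""
    return sorted({parse_dropper_url(u)["host"] for u in urls if parse_dropper_url(u)})


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of a file's bytes, keyed like SAMPLE_HASHES."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def is_known_sample(hashes: dict) -> bool:
    """True if any supplied hash matches the sample described in this report."""
    return any(hashes.get(k) == v for k, v in SAMPLE_HASHES.items())


if __name__ == "__main__":
    for u in DROPPER_URLS:
        info = parse_dropper_url(u)
        print(f"{info['host']:26} dir={info['directory']:9} serial={info['serial']} "
              f"~{info['timestamp']:%Y-%m-%d %H:%M:%S}")
    print("hosts:", ", ".join(dropper_hosts()))
    # Constructed placeholder bytes; the real sample is not embedded here.
    print("placeholder matches sample:", is_known_sample(file_hashes(b"not the sample")))
```

Run it against a suspect attachment by feeding its bytes to `file_hashes` and `is_known_sample`; the `matches_dropper_pattern` check is meant for sweeping proxy logs for the same URL shape on hosts not in this list, so treat its hits as leads rather than confirmed IOCs.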

Targets

    • Target

      Complaint-Copy-645863057-03092021.xls

    • Size

      80KB

    (MD5, SHA1, SHA256 and SHA512 as listed under General above)

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process (here the Office instance that opened the .xls) was compromised via an exploit or macro; in this sample the extracted xlm4.0 config points at the Excel 4.0 macro dropper as the cause.

MITRE ATT&CK Matrix (ATT&CK v6)

The number after each technique is the report's hit count for that technique.

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2
