Overview

overview

10

Static

static

8

SecuriteIn...0.xlsm

windows7_x64

10

SecuriteIn...0.xlsm

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SecuriteInfo.com.VB.Heur2.EmoDldr.16.17436866.Gen.19501.16600

  • Size

    254KB

  • Sample

    210309-sp3lefxy5s

  • MD5

    389b02e6843fe288c18f784be63df9c1

  • SHA1

    2d86d4f667515c092984fd02ce99d20aac3608c5

  • SHA256

    21bf810cf015e8ffec9b844632a94274d9d387ad528e7d75adf116acea5a4d4b

  • SHA512

    4063a50788eb5f896c9d68fbcdf3f621d1c63b3a091c5d67699c2926499f1fd7a7b0dfee76c2a15cc907230c9cf64c859ab96e5b3885f33e9f42d544905fd764

Score
10/10
macro

Malware Config

Targets

    • Target

      SecuriteInfo.com.VB.Heur2.EmoDldr.16.17436866.Gen.19501.16600

    • Size

      254KB

    • MD5

      389b02e6843fe288c18f784be63df9c1

    • SHA1

      2d86d4f667515c092984fd02ce99d20aac3608c5

    • SHA256

      21bf810cf015e8ffec9b844632a94274d9d387ad528e7d75adf116acea5a4d4b

    • SHA512

      4063a50788eb5f896c9d68fbcdf3f621d1c63b3a091c5d67699c2926499f1fd7a7b0dfee76c2a15cc907230c9cf64c859ab96e5b3885f33e9f42d544905fd764

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Install Root Certificate

1
T1130

Credential Access

Discovery

System Information Discovery

3
T1082

Query Registry

2
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks