General

  • Target

    359.xls

  • Size

    58KB

  • Sample

    210309-zej2lflxkj

  • MD5

    d7e28031147b036422fb0920d767c4b0

  • SHA1

    edfa5aa852b506c78f3f95b541baaa8c81efbb83

  • SHA256

    2613196c01bb5676ebf85b913762efc9f7c2b64bb0b80ee7580f5ab74a5a0192

  • SHA512

    31850a02c4a8e3be38407457f4479e20b6bed06cf7d8daff7709d7eecf77de23436dd9172f6bcc2fb909984dce0e7b19dbc5840eb7a418f588d1e82cf1d8558c

Score
10/10

Malware Config

Extracted

Language: xlm4.0
Source:   xlm40.dropper
URLs:     https://solemnenterprise.com/k.php

Targets


    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

MITRE ATT&CK Matrix ATT&CK v6

Tactic            Technique                      Count  ID
Defense Evasion   Modify Registry                1      T1112
Discovery         Query Registry                 2      T1012
Discovery         System Information Discovery   2      T1082

Tasks