General

  • Target   Complaint-Letter-569691619-03102021.zip
  • Size     49KB
  • Sample   210311-735vw7gtb2
  • MD5      b8958691719e8a1170f7ca48f3c81267
  • SHA1     a69514f80958329c6e1fbda68ac4a1e14bc48e54
  • SHA256   09e6b46502c94b3cb5d7b8dd9c9dcda29f2d140488d8c09415ea9b0c6b484019
  • SHA512   66027d0a42a166f33890370acd4a3fcfa766051b9adac15c48071243e9380f478974abd45b46b1fee0b028e63b5cd4a2618430ca4b0f6741ccf1eca827a7d3ac

Score
10/10

Malware Config

Extracted

  Language  xlm4.0
  Source    URLs

  xlm40.dropper  http://lackenbauer.ru/bd/hhvqjrec/44266.6274886574.dat
  xlm40.dropper  http://www.peacezoneacademy.com/dxsbonlv/44266.6274886574.dat
  xlm40.dropper  http://jopo.com/gmaaxbro/44266.6274886574.dat
  xlm40.dropper  http://www.thegivingwall.co.uk/jfgolx/44266.6274886574.dat
  xlm40.dropper  http://baxtercode.com/qkhpnucmzts/44266.6274886574.dat
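All five xlm40.dropper URLs share one file name, 44266.6274886574.dat, on otherwise unrelated hosts. The Python below is an added example, not part of the sandbox report: it parses the extracted block as printed above, defangs the URLs for sharing, and decodes the shared name as an Excel serial date-time. The value decodes to 2021-03-11 15:03:35, the same day as the sample ID (210311); that is consistent with the macro building the download path from NOW(), but that reading is an inference, not something the report states. The URL list is copied from the report; everything else is illustrative.

```python
"""IOC normaliser for the xlm40.dropper URLs extracted from the sample.

Added example, not the sandbox's own code. The URL block is copied from the
report; the NOW()/Excel-serial interpretation of the file name is an inference.
"""
from __future__ import annotations

import re
from datetime import datetime, timedelta
from urllib.parse import urlparse

# The "Extracted" block from the report: family tag, then the URL it came from.
CONFIG_BLOCK = """
xlm40.dropper
http://lackenbauer.ru/bd/hhvqjrec/44266.6274886574.dat
xlm40.dropper
http://www.peacezoneacademy.com/dxsbonlv/44266.6274886574.dat
xlm40.dropper
http://jopo.com/gmaaxbro/44266.6274886574.dat
xlm40.dropper
http://www.thegivingwall.co.uk/jfgolx/44266.6274886574.dat
xlm40.dropper
http://baxtercode.com/qkhpnucmzts/44266.6274886574.dat
"""

# Excel counts days from 1899-12-30 for serials >= 61 (serial 60 is the
# non-existent 1900-02-29 that Excel keeps for Lotus compatibility); the
# fractional part is the time of day.
EXCEL_EPOCH = datetime(1899, 12, 30)

SERIAL_NAME_RE = re.compile(r"^(\d{5}\.\d+)\.dat$")


def parse_config(block: str) -> list[tuple[str, str]]:
    """Return (family, url) pairs from the two-lines-per-entry report layout."""
    lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
    if len(lines) % 2:
        raise ValueError("config block must alternate family / URL lines")
    return list(zip(lines[0::2], lines[1::2]))


def excel_serial_to_datetime(serial: float) -> datetime:
    """Convert an Excel serial date-time to a naive datetime (Excel has no tz)."""
    if serial < 61:
        raise ValueError("serials below 61 are affected by Excel's 1900 leap-year bug")
    return EXCEL_EPOCH + timedelta(days=serial)


def defang(url: str) -> str:
    """hxxp scheme and bracketed dots in the host, so the URL is not clickable."""
    p = urlparse(url)
    host = p.netloc.replace(".", "[.]")
    scheme = p.scheme.replace("http", "hxxp")
    query = f"?{p.query}" if p.query else ""
    return f"{scheme}://{host}{p.path}{query}"


def summarize(block: str = CONFIG_BLOCK) -> dict:
    """Hosts, defanged URLs, and the decoded timestamp if all payload names agree."""
    entries = parse_config(block)
    urls = [u for _, u in entries]
    basenames = {u.rsplit("/", 1)[-1] for u in urls}
    result = {
        "families": sorted({f for f, _ in entries}),
        "hosts": sorted({urlparse(u).netloc for u in urls}),
        "defanged": [defang(u) for u in urls],
        "basenames": sorted(basenames),
        "serial_datetime": None,
    }
    # One shared <serial>.dat name across unrelated hosts is the fingerprint of a
    # macro that derives the path from NOW(); decode it so it can be compared
    # with the sample's submission time.
    if len(basenames) == 1:
        m = SERIAL_NAME_RE.match(next(iter(basenames)))
        if m:
            result["serial_datetime"] = excel_serial_to_datetime(float(m.group(1)))
    return result


if __name__ == "__main__":
    s = summarize()
    for h in s["hosts"]:
        print("host:", h)
    for d in s["defanged"]:
        print("url: ", d)
    print("payload name decodes to:", s["serial_datetime"])
```

Block the hosts, not the exact URLs: the path segments differ per host and the file name changes with every run of the macro, so only the host list and the `\d{5}\.\d+\.dat` shape are stable enough to hunt on.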

Targets

  • Target   Complaint-Letter-569691619-03102021.xls
  • Size     276KB
  • MD5      f05457b10a928c0a84211af6dd3a535e
  • SHA1     6cf3b1e91afeb5bf54f466a38bc3a8fc24b66b19
  • SHA256   dd357107e0c6c37da4aa8a5db0a555f904ad2d02851e31c60dea5fc1e7194981
  • SHA512   6684de7baa4419f5c848921d36340a753e6a1e3ed7235fadf3b2c0bb5164396f6315b6524e7095be431fa2927b0f7f53c5d99557e973415ffbc4bce30a70aa5e

  Score
  10/10

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or a macro.
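The indicator above is a parent/child relationship check: the Office host that opened the document launched something it has no business launching. The Python below is an added example of that logic, not the sandbox's own detector. The event records are constructed for illustration and loosely follow Sysmon Event ID 1 field names; the allow-list and the high-risk LOLBin list are hypothetical tuning, and the regsvr32 and updater.exe events are invented to exercise both severity levels, not behaviour observed in this sample.

```python
"""Office parent -> unexpected child detection, the check behind the
"Process spawned unexpected child process" indicator.

Added example, not the sandbox's own code. Events below are constructed and
use Sysmon-style field names; lists are illustrative tuning, not a standard.
"""
from __future__ import annotations

import ntpath

# Office hosts that should not spawn arbitrary programs on their own.
OFFICE_HOSTS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}

# Children seen in normal use. Keep this short and explicit: anything not
# listed is reported, which is the whole point of the check.
BENIGN_CHILDREN = {"splwow64.exe", "werfault.exe"}

# LOLBins that document droppers commonly hand a downloaded payload to.
# Used to raise severity, not to limit what gets flagged (hypothetical list).
HIGH_RISK_CHILDREN = {
    "regsvr32.exe", "rundll32.exe", "mshta.exe", "wscript.exe", "cscript.exe",
    "powershell.exe", "cmd.exe", "certutil.exe", "msiexec.exe",
}

# Constructed sample events (not from the report).
EVENTS = [
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "CommandLine": r'"EXCEL.EXE" "C:\Users\u\Downloads\Complaint-Letter-569691619-03102021.xls"'},
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "Image": r"C:\Windows\splwow64.exe",
     "CommandLine": r"C:\Windows\splwow64.exe 12288"},
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "Image": r"C:\Windows\System32\regsvr32.exe",
     "CommandLine": r"regsvr32.exe -s C:\Users\u\AppData\Local\Temp\downloaded.dat"},
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "Image": r"C:\Users\u\AppData\Roaming\updater.exe",
     "CommandLine": r"C:\Users\u\AppData\Roaming\updater.exe"},
]


def _basename(path: str) -> str:
    """Case-insensitive image name; ntpath handles Windows paths on any OS."""
    return ntpath.basename(path).lower()


def classify(event: dict) -> str | None:
    """Return "high", "medium" or None for one process-creation event."""
    parent = _basename(event.get("ParentImage", ""))
    child = _basename(event.get("Image", ""))
    if parent not in OFFICE_HOSTS or child in BENIGN_CHILDREN:
        return None
    return "high" if child in HIGH_RISK_CHILDREN else "medium"


def find_unexpected_children(events: list[dict]) -> list[dict]:
    """Events where an Office host spawned something outside the allow-list."""
    hits = []
    for ev in events:
        severity = classify(ev)
        if severity:
            hits.append({
                "severity": severity,
                "parent": _basename(ev["ParentImage"]),
                "child": _basename(ev["Image"]),
                "cmd": ev.get("CommandLine", ""),
            })
    return hits


if __name__ == "__main__":
    for hit in find_unexpected_children(EVENTS):
        print(f'[{hit["severity"]}] {hit["parent"]} -> {hit["child"]}: {hit["cmd"]}')
```

The allow-list is deliberately small: a signed binary in an unexpected location, or an unsigned binary under the user profile, is reported at medium rather than suppressed, because a macro that drops a fresh executable will not appear on any LOLBin list.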

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic           Technique                             Count
  Defense Evasion  T1112  Modify Registry                1
  Discovery        T1012  Query Registry                 2
  Discovery        T1082  System Information Discovery   2
