General

  • Target

    86827.xlsm

  • Size

    25KB

  • Sample

    210311-cnztpk9bdx

  • MD5

    d9094467999fcab2214d54fe940a1f5c

  • SHA1

    a07156fc2e27db0859c2377c68927744659763eb

  • SHA256

    c74dacc1af1d1ffa9e98a640ad0c9635003d20c9f43a46e72082bafb2cb00e71

  • SHA512

    d86d611011cacfe634d24e00df2b4ca679ac302056d89dd5c61bdb4ff8bafaf8b4d231a07c3e252b9066ac9023e52ac1068f93e5e6efb081b6e1ef4cb7eb3fff

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    https://tcommerceshop.com/server.php

    https://fernandogaleano.com/server.php

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

MITRE ATT&CK Enterprise v6

Tasks