General

  • Target

    Complaint-Letter-1562041087-03102021.zip

  • Size

    49KB

  • Sample

    210311-sc5jw3e2za

  • MD5

    0cccd80f74712e824aee103f664b96f1

  • SHA1

    8e605b2ff6b01d19b878d1f8a42bde68752edc3c

  • SHA256

    84d10b6f0f9746db37315a9df09016ab1da5e7c2918c2d0e6ddb90b23cbd6df3

  • SHA512

    9f28ada0cdbae202b439b654aaee02f7894d3081830b7e290fdce0b9b3554517a65f715580f48567d0471aea5e83d423d81077561915cdcb728c61c68c5cfea3

Score
10/10

Malware Config

Extracted

  Language   Source           URLs
  xlm4.0     xlm40.dropper    http://vasprogramer.com/xcuaqrfwpaf/44266.6276302083.dat
             xlm40.dropper    http://mboard.baydevelopments.com/tkihlgt/44266.6276302083.dat
             xlm40.dropper    http://porcarabanchel.es/kgbpstokjetx/44266.6276302083.dat
             xlm40.dropper    http://klickprints.com/jcqywmbz/44266.6276302083.dat
             xlm40.dropper    http://werkplaats1.okker.nl/jiejgtgde/44266.6276302083.dat

Targets

    • Target

      Complaint-Letter-1562041087-03102021.xls

    • Size

      276KB

    • MD5

      97f27473726b5df577af145b2c6446c9

    • SHA1

      9c670a3fbad0d5f32913a1d823aeed4210cdb8cd

    • SHA256

      6324f93b071899aefccb5d511efa75ced57554a51ef6c6281cafde5a78febcfc

    • SHA512

      dce62d4d96aaab916b502d0873a70320c71af072b489954555ca3969cb575ca7dcfa29020153f8350b3fad40291861546e0bb0f0f8bf3e8b2abd682e287b47c5

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic             Technique                        ID       Count
  Defense Evasion    Modify Registry                  T1112    1
  Discovery          Query Registry                   T1012    2
  Discovery          System Information Discovery     T1082    2

Tasks