General

  • Target

    Complaint-Letter-1737783681-03102021.zip

  • Size

    49KB

  • Sample

    210311-ycr59h4bmx

  • MD5

    70f77a6cd337adab0afce1acee20d2c4

  • SHA1

    05cb7160b50d3b25afc626bb9f24125fa2f10dae

  • SHA256

    061cc686cc419c20be9207dc08cf30387e4dd3ad689f75769f15901848f4745d

  • SHA512

    8c87fbce93e8d4045717eb3507f465b64f7982ccfe6137702fedf41b5eef467459815131a68a3d28a9b518ea00716599e409ea4759c2900e6cc60726a8aa39d1

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0 (Excel 4.0 macro, not VBA)

  • Source

    xlm40.dropper

  • URLs

    All five were extracted from the xlm40.dropper source; the macro has five hosts to try, and every URL ends in the same file name, 44266.5805623843.dat.

    http://lackenbauer.ru/bd/hhvqjrec/44266.5805623843.dat
    http://www.peacezoneacademy.com/dxsbonlv/44266.5805623843.dat
    http://jopo.com/gmaaxbro/44266.5805623843.dat
    http://www.thegivingwall.co.uk/jfgolx/44266.5805623843.dat
    http://baxtercode.com/qkhpnucmzts/44266.5805623843.dat
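The URL list above is the actionable part of the report, so here is an added triage script (not part of the sandbox report or its tooling) that normalises the five URLs into blockable hosts and decodes the shared file name. The name has the shape of a floating-point Excel date serial (days since the 1900 epoch, fraction for the time of day): 44266 is 2021-03-11, which matches the 210311 date prefix of the sample ID, and the fraction decodes to about 13:56 UTC. That the macro derives the name from the current date is an inference from the value, not something the report states.

```python
"""Triage the extracted XLM 4.0 dropper URLs: normalise them into IOCs and decode
the Excel date serial embedded in the shared file name. Added example, not part
of the sandbox report."""
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import urlparse

# The five download URLs from the extracted config, copied from the report.
DROPPER_URLS = [
    "http://lackenbauer.ru/bd/hhvqjrec/44266.5805623843.dat",
    "http://www.peacezoneacademy.com/dxsbonlv/44266.5805623843.dat",
    "http://jopo.com/gmaaxbro/44266.5805623843.dat",
    "http://www.thegivingwall.co.uk/jfgolx/44266.5805623843.dat",
    "http://baxtercode.com/qkhpnucmzts/44266.5805623843.dat",
]

# File names of the form <integer>.<fraction>.dat, i.e. a floating-point
# Excel date serial (days since the 1900 epoch, fraction = time of day).
SERIAL_NAME_RE = re.compile(r"^(\d+\.\d+)\.dat$")


def excel_serial_to_utc(serial: float) -> datetime:
    """Convert an Excel 1900-system date serial to a UTC datetime.

    Excel counts day 1 as 1900-01-01 but also includes the non-existent
    1900-02-29 (serial 60), so for every serial after that the effective
    epoch is 1899-12-30. Serials below 61 are not handled here.
    """
    if serial < 61:
        raise ValueError("serials before 1900-03-01 need the leap-year bug handled")
    epoch = datetime(1899, 12, 30, tzinfo=timezone.utc)
    return epoch + timedelta(days=serial)


def parse_dropper_url(url: str) -> dict:
    """Split one dropper URL into IOC fields and decode its date serial, if any."""
    parts = urlparse(url)
    filename = parts.path.rsplit("/", 1)[-1]
    match = SERIAL_NAME_RE.match(filename)
    serial = float(match.group(1)) if match else None
    return {
        "url": url,
        "host": parts.hostname,
        "path": parts.path,
        "filename": filename,
        "serial": serial,
        "serial_utc": excel_serial_to_utc(serial) if serial is not None else None,
    }


def triage(urls):
    """Return per-URL records plus the pivots an analyst blocks or hunts on:
    the distinct hosts and, when every URL ends in the same file name, that name."""
    rows = [parse_dropper_url(u) for u in urls]
    hosts = sorted({r["host"] for r in rows})
    names = {r["filename"] for r in rows}
    return {
        "rows": rows,
        "hosts": hosts,
        "shared_filename": names.pop() if len(names) == 1 else None,
    }


if __name__ == "__main__":
    result = triage(DROPPER_URLS)
    for host in result["hosts"]:
        print("block:", host)
    first = result["rows"][0]
    if first["serial_utc"] is not None:
        print("shared file name", result["shared_filename"],
              "decodes to", first["serial_utc"].isoformat())
```

Because the file name is tied to the date the macro ran, a proxy or IDS rule keyed on the exact string 44266.5805623843.dat will only match this detonation; the hosts and the `/<random>/<number>.<number>.dat` shape are the durable pivots.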

Targets

    • Target

      Complaint-Letter-1737783681-03102021.xls

    • Size

      276KB

    • MD5

      a43af9b5594cb1cfd748e6a4a33c3dc7

    • SHA1

      8856a2c2c6975693a2ec9f603aba226596e74d55

    • SHA256

      69c60296879563e341e1dba8da2f421893ad9697593a5deeaff3e79abb57dd9a

    • SHA512

      d74ec67a73d4fb87cdbdf5978a7953058004f6f7dd49cc4e5dc12e5eb331388f020fc409b9b6e79056b18c2fa9262e19ab1ffe3321376798f808bac0c3b9f83d

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro. Here the parent is Excel opening the .xls above, and the extracted config identifies an XLM 4.0 (Excel 4.0 macro) dropper with five download URLs, so the child process is consistent with the macro running rather than with an exploit.
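The signature is a parent/child rule: an Office process should only ever launch a short list of helpers, so any other child is worth an alert. The following is an added detection example (not the sandbox's own signature logic) that applies that rule to Sysmon Event ID 1 style records; the events, the Office parent list and the child allowlist are all constructed for illustration and are not taken from this sample's trace.

```python
"""Flag Office processes spawning children outside an allowlist, the behaviour
behind the "Process spawned unexpected child process" signature. Added example,
not part of the sandbox report; the events below are constructed, not captured
from this sample."""

# Constructed records shaped like Sysmon Event ID 1 (hypothetical values).
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": 'cmd.exe /c "start"'},
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "Image": r"C:\Windows\splwow64.exe",
     "CommandLine": "splwow64.exe 12288"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "CommandLine": '"EXCEL.EXE" Complaint-Letter-1737783681-03102021.xls'},
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": "rundll32.exe"},
]

# Office binaries whose children we scrutinise.
OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe",
                  "outlook.exe", "msaccess.exe"}

# Assumption: children Office launches legitimately in this environment
# (print helper, crash reporter, ...). Tune this per estate; keep it short.
ALLOWED_CHILDREN = {"splwow64.exe", "werfault.exe", "ai.exe", "onenotem.exe"}


def image_name(path: str) -> str:
    """Reduce a full image path to its lower-case file name."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_unexpected_child(event: dict) -> bool:
    """True when an Office parent spawned something outside the allowlist."""
    parent = image_name(event["ParentImage"])
    child = image_name(event["Image"])
    return parent in OFFICE_PARENTS and child not in ALLOWED_CHILDREN


def find_unexpected_children(events):
    """Return one finding per matching event, with the fields an analyst
    needs to pivot (parent, child, full command line)."""
    return [
        {
            "parent": image_name(e["ParentImage"]),
            "child": image_name(e["Image"]),
            "command_line": e["CommandLine"],
        }
        for e in events
        if is_unexpected_child(e)
    ]


if __name__ == "__main__":
    for hit in find_unexpected_children(SAMPLE_EVENTS):
        print(f"ALERT {hit['parent']} -> {hit['child']}: {hit['command_line']}")
```

Explorer launching EXCEL.EXE is not flagged, since Excel is the child there, and Excel launching its print helper is allowed; the two remaining events match. The rule deliberately does not care which child it is: matching on a list of known-bad children (script hosts, LOLBins) is what lets a dropper switch to an unlisted binary, so the allowlist direction is the one to keep.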

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • Modify Registry (T1112): 1

Discovery

  • Query Registry (T1012): 2

  • System Information Discovery (T1082): 2
