General

  • Target

    _file_attached (61).zip

  • Size

    33KB

  • Sample

    210312-3zw673cq3a

  • MD5

    f6ea08faf208fb02c76d2ba1faa5d7f6

  • SHA1

    2773e133d0c7cf288e1bd3f5168a4ddb67572132

  • SHA256

    64cbf5b608a951a74281ad78c2d8426461b30c3b3551aa204967f58b567fe0aa

  • SHA512

    486dba7dc288c0b1e014195673b3d4e3cd1ad8232db449247cdb27262e8f5df64dddcea3bdc82e3d1a69c62c668fed57558e8b9791f0a2653ae39bf9a76d8179

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    http://nvelj12qyyfi03kqxy.xyz/i.gif

Targets

    • Target

      document-1102936390.xls

    • Size

      138KB

    • MD5

      de7b4a4cebde9b7d225f21a522269fb1

    • SHA1

      b90d3a4439b3a0088963f06c6f6185affdee3238

    • SHA256

      e214a6d292f286a7be2753a0ec6f11ded81e611f2fd39f94ec262a4ff47c2c71

    • SHA512

      086444a016881f99fc2cd92a987ee18b62200a238abe67701ef127d80ebedbb6ec6092b8e903eba28f456d75bcf4828dfb82f415174726f74fa11d32aea8c706

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2