General

  • Target

    file (91).zip

  • Size

    33KB

  • Sample

    210312-6k56xeg53a

  • MD5

    095ab6ba6daaeacd4452919b7358359f

  • SHA1

    ad04b5ca1d6d5f32c27d4213961d6bdfdf22bd30

  • SHA256

    dfdc8d8c9d261ccfba9cbbb77dc1a78c2009780f9750361c211ec2041aa38bd4

  • SHA512

    937268c99f1cc245717a96600fb634b1a0e18249b0cd40d586704069b28ab6aab025f4da8a413a420ccf11606ef1b65bcb485953cacba00dfcfb19c2bc083eb2

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    http://ipok12bcame03shzpiq.xyz/i.gif

Targets

    • Target

      document-701815281.xls

    • Size

      138KB

    • MD5

      7fd4cd71a382b758a29c57136d7262c5

    • SHA1

      f3e3ae83a7a8a884c1a295f3a6d652020d672ff5

    • SHA256

      5081fe0f1b118bb19cd4414caa1d47d14684d6e0bc575f04961f7d15be483cfb

    • SHA512

      aef6ee3683634e796090f1b1eb63a3510071a769728d0e109e5225cb790b8bcab0a590d2ac8c0717a7a700225eb8d784ca374b3c8886ea5ba26d1e4891902caa

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • Modify Registry

    T1112 (1)

Discovery

  • Query Registry

    T1012 (2)

  • System Information Discovery

    T1082 (2)

Tasks