General

  • Target: prepared (78).zip
  • Size: 33KB
  • Sample: 210312-7wh39x37bx
  • MD5: ed2c6cb8c415a363725ff70c735ed416
  • SHA1: 9104b8c5a2e99046ca822b3100ac4a5b84b386df
  • SHA256: 277131a09bf85ba60233348ab48f403930ed19c9e41253acbc15851586101916
  • SHA512: 218c7656e71c33b5a8dd0696417350ce1c26ddd92fe56f7d58cba8e24d57fc4d23f179eaa9324dc7a326b9594b7e361752732d46e00a0e9539f80354748ba482

Score: 10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://ipok12bcame03shzpiq.xyz/i.gif

Targets

    • Target: document-996222844.xls
    • Size: 138KB
    • MD5: e90d2a2f56259c727446606cebda3935
    • SHA1: 0bbe206461fe5b342e4dc64f9a5018d900d0467d
    • SHA256: 702819e475205cc650d688ef4ca3c7e8fed30e3db0d8435cf4ee502007facafa
    • SHA512: cd4a4c66d22e4bd78e9d104509368cd3cb48c2638d53c1eb2e25262039352bf6c20e7dd1b8fd5272aed4cfc0b0a45ee668b2ec059878b66f92717819f4253121

    Score: 10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • Modify Registry (T1112): 1

Discovery

  • Query Registry (T1012): 2
  • System Information Discovery (T1082): 2

Tasks