General

  • Target

    this_issue (90).zip

  • Size

    33KB

  • Sample

    210312-98z2835v66

  • MD5

    ceb2a4105a0a097ba8bc09c88e97f169

  • SHA1

    92826f2743ee3bfd78024e584e6d529d9665f9d2

  • SHA256

    4e380e39f626f8dad6a27cd0be528f635657aa49222b84347f5a560b02441625

  • SHA512

    6f4ec21712b51915807cad3d88127660bffbafbbd57975f9c77aaba3f5cb967dc6da6386815990457ddf72ef62d091038c0ed08453e24f120f7a151764a26a86

Score
10/10

Malware Config

  • Extracted

  • Language

    xlm4.0

  • Source

  • URLs

    xlm40.dropper
    http://ipok12bcame03shzpiq.xyz/i.gif

Targets

    • Target

      document-543005498.xls

    • Size

      138KB

    • MD5

      504df8058f3663b25d7a69e266c85756

    • SHA1

      b0ec1cac1ee9085e61448df771aea7946a173ccb

    • SHA256

      de99a81bdf496e8861d123be3c7081960caedfdee391c0f5939d2005f11e1397

    • SHA512

      dfdd23ee5e28f2f6d2c017b8a68364ebc19141325f9265a6a50e03ebebfa6016bf8743c8aeedc32e7b2cd0676c3a901993b63830c0f6ea288ac6b8050e41bedd

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2
    System Information Discovery (T1082): 2

Tasks