General

  • Target: found (36).zip
  • Size: 33KB
  • Sample: 210312-gy1d9ra3z2
  • MD5: 2ae3d8bcf1f9ce11b4ba20f7db969420
  • SHA1: f9878cc1c1890416efd241f7b9b1c2981541ea69
  • SHA256: b2883b728b9bf8074b8f47fd588ed241e73ebd7ed878001fe06599b956c9917c
  • SHA512: 7baaf71a6ff2006cc3e462480bb42327253da92419a8abff2a26e413867322067d718a7580282afd3cd2106b97278f306dfc5d4ad95b9fb9a5da32d33f360b88

Score: 10/10

Malware Config

Extracted

  • Language: xlm4.0
  • Source: xlm40.dropper
  • URLs: http://bqx12lnjk03rrdio.xyz/i.gif

Targets

  • Target: document-1388821476.xls
  • Size: 138KB
  • MD5: 102c42e37d69f7b0bdd22535e943701d
  • SHA1: 9b6d23586cad108bd8ad634cdc274d7848427149
  • SHA256: 64cc0ef2b4d2b1ee6d5604fbbaf3517472d933da6bb5b77126a5d2a1b3c553b7
  • SHA512: 9ebcac73058ec1cca2248ee5c262766d8d5de9aa956072aef23faa38189c2a3daa8a8e0abcca86ce7715d5977916e130d6e368855db4ea6286e2521f66ecf700

  Score: 10/10

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112), 1
  • Discovery: Query Registry (T1012), 2
  • Discovery: System Information Discovery (T1082), 2

Tasks