General

  • Target

    collected (42).zip

  • Size

    33KB

  • Sample

    210312-jzy1d38t92

  • MD5

    d3779718f632f49e58d7eaa71acf89fd

  • SHA1

    0ea0dc3ed814a17196251f8356f8522b56e753e1

  • SHA256

    2629771e79bb397255f48599fea26cbbb87d371eed7adbc955e102dfbabff37e

  • SHA512

    a798177472d613ba1d9871c717466e8ca6d70cdafcb35ea03b571aee3a436433e481810d6e77d8e8578dd868845ee47bfb3de80f7a824886be59133bcd256555

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    http://gcfxb12aefoyn03epdoji.xyz/i.gif

Targets

    • Target

      document-1493660683.xls

    • Size

      138KB

    • MD5

      14d530304d5dc7de3ac733668aada46b

    • SHA1

      b2bea2224cecce48b64c6266567f00c826f12704

    • SHA256

      043a3b64882b41ead3af3c2476b7d62ce11485897f77281755973dbf1701283b

    • SHA512

      f6cf83f0fd6a54dd71c1962e13948330765122887ece92e602139f7c0359991a6f316700874177edaeca246a91b685ff80aaddf9bd7bc59f78b888a3be8b3716

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
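The signature above fires on the process tree, not on the document itself, so the same behaviour can be caught in endpoint telemetry. The following is an added example (not part of the sandbox report): it flags an Office parent launching a child that is not on a small allowlist, and separately matches the dropper host from the extracted config against network events. The events, the child process (rundll32.exe) and its command line are constructed for illustration; the report does not name the spawned child, and the allowlist of expected children is an assumption to be tuned per environment.

```python
# Added example, not from the original report: detect an Office process
# spawning an unexpected child and contact with the extracted dropper host,
# run over constructed Sysmon-like events.
from urllib.parse import urlparse

# Indicator taken from the report's extracted config.
DROPPER_URL = "http://gcfxb12aefoyn03epdoji.xyz/i.gif"
DROPPER_HOST = urlparse(DROPPER_URL).hostname

# Office parents worth watching and the children they routinely launch.
# The allowlist is an assumption for this example; tune it per estate.
OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}
EXPECTED_CHILDREN = {"splwow64.exe", "werfault.exe", "dw20.exe"}


def image_name(path: str) -> str:
    """Return the lower-cased file name from a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def unexpected_children(events):
    """Return process-creation events whose parent is an Office binary and
    whose child is not on the expected-children allowlist."""
    hits = []
    for ev in events:
        if ev.get("event") != "process_create":
            continue
        parent = image_name(ev["parent_image"])
        child = image_name(ev["image"])
        if parent in OFFICE_PARENTS and child not in EXPECTED_CHILDREN:
            hits.append(ev)
    return hits


def dropper_contacts(events):
    """Return network events whose destination host is the extracted dropper host."""
    return [ev for ev in events
            if ev.get("event") == "network" and ev["host"].lower() == DROPPER_HOST]


# Constructed sample telemetry (assumed shape, not sandbox output). The child
# process and command line are invented for the example.
SAMPLE_EVENTS = [
    {"event": "process_create", "ts": "12:01:02",
     "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE",
     "cmdline": r'"EXCEL.EXE" "C:\Users\u\Downloads\document-1493660683.xls"'},
    {"event": "network", "ts": "12:01:09",
     "image": r"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE",
     "host": "gcfxb12aefoyn03epdoji.xyz"},
    {"event": "process_create", "ts": "12:01:10",
     "parent_image": r"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE",
     "image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": r"rundll32.exe C:\Users\u\AppData\Local\Temp\i.gif,DllRegisterServer"},
    {"event": "process_create", "ts": "12:01:11",
     "parent_image": r"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE",
     "image": r"C:\Windows\splwow64.exe",
     "cmdline": "splwow64.exe"},
]


def run(events=SAMPLE_EVENTS):
    """Apply both checks and return the hits keyed by check name."""
    return {"unexpected_children": unexpected_children(events),
            "dropper_contacts": dropper_contacts(events)}


if __name__ == "__main__":
    for check, hits in run().items():
        for ev in hits:
            print(check, ev["ts"], ev.get("host", ev.get("cmdline")))
```

Only the rundll32.exe launch is reported; the explorer.exe to EXCEL.EXE launch is ignored because the parent is not an Office binary, and the splwow64.exe child is on the allowlist. Matching the network event on the host rather than the full URL also catches retrieval of a different path on the same domain.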

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic            Technique                       Hits  ID
Defense Evasion   Modify Registry                 1     T1112
Discovery         Query Registry                  2     T1012
Discovery         System Information Discovery    2     T1082

Tasks