General

  • Target

    attached (80).zip

  • Size

    33KB

  • Sample

    210312-lss5zfvb8n

  • MD5

    f534a79765060a7517af446bd4b2def2

  • SHA1

    767814cf1fb72c20088ac5f6959c7f2ecc018efe

  • SHA256

    19b5d779fd59c2b1804659034f13c4e9706742ce3fc0f71c5852b20f9c30ab96

  • SHA512

    005429dfb5960787846f436f6040370d8c83c107078563ba4f244f829f5777b1aa0a31d4a571d2f42f73c22e4f161ed07268cf40c2784b17025dd4c2d300e90b

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    http://bqx12lnjk03rrdio.xyz/i.gif

Targets

    • Target

      document-404114370.xls

    • Size

      138KB

    • MD5

      c2a724ba16a200c2eace74b9f0059cb7

    • SHA1

      6cd4d6417e888ff16cab1fb9c45824eb6f7b260c

    • SHA256

      2ee325d1f3f100c7e1b002b6ed27c6cbc123e015c5519f69a814699306b56bd3

    • SHA512

      42956fd6eb5a2ca0e5d818e36ca8ba7ef9f07baf549d9f301ae9bfe3b6d942b2cdab000f01298943a2016dc4f06b032abe3871cc9a363b4f0a56be09de0d59b0

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • Modify Registry (T1112)

    1 signature

Discovery

  • Query Registry (T1012)

    2 signatures

  • System Information Discovery (T1082)

    2 signatures

Tasks