General

  • Target

    attached (51).zip

  • Size

    33KB

  • Sample

    210312-sjjela9mex

  • MD5

    ebda2827a23541fe9cd1605a8d525f97

  • SHA1

    5b1976e0c6e0b84ab74226bbc24c8a364878c78c

  • SHA256

    2161546f95ba248ef18336984b39e0a97266af5a985a97118265b11f76f46c99

  • SHA512

    0a8ba8b4205700299011d3bdda6827a0342ccc7eb34d91c7b93a1c1a511d43fff7188e49e962f93274bcdbed032b083f3f867a0b432fe9aa85807e5d66160ea0

  • Score

    10/10

Malware Config

Extracted

  • Language

    xlm4.0 (Excel 4.0 / XLM macro)

  • Source

    xlm40.dropper

  • URLs

    http://gcfxb12aefoyn03epdoji.xyz/i.gif

Targets

    • Target

      document-232490250.xls

    • Size

      138KB

    • MD5

      e4cf46b35d3d71337b1ea4d2fd7aa6e6

    • SHA1

      3688deb57422a0bcac4875e49f47c9207aa8c4f9

    • SHA256

      a3dd883fef791bb1702169b25faa3416a76a818af4207ebfd355bbf3e57aec22

    • SHA512

      011aa94a244eb718a584d56443dfbfee0ca24637c5833319799bc8228dce3b66f2b27980818b20fa1afb4bb61cb32c4d378e8f31081dbb7cba6880dacd69cf97

    • Score

      10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2

Tasks