d80fe38b47b7ee9bc76e40c8e6027b5e5546af1be8d9e3aa0af9ad05bca0dc14 | Triage

Sharing

General

Target

CompensationClaim_847899379_03122021.zip
Size

50KB
Sample

210313-vxnnwzf4zn
MD5

1fd5c2936b41bf844fe1f9beab0336a9
SHA1

4cae38bfbfab64e01bb01e7dd90635fd3f64a373
SHA256

d80fe38b47b7ee9bc76e40c8e6027b5e5546af1be8d9e3aa0af9ad05bca0dc14
SHA512

4ddab1b7f6da1084f680cf4357bca574a89f2d876b50777d6eb4184e2734e5838b55998ca54106beb758724fa37924bb8da5d5f3f49c9070b45452cadb2cc5ac

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://185.82.219.161/44268.1496346065.dat

xlm40.dropper

http://45.140.146.26/44268.1496346065.dat

xlm40.dropper

http://188.127.227.167/44268.1496346065.dat

xlm40.dropper

http://44268.1496346065.dat

Targets

- Target
  
  CompensationClaim_847899379_03122021.xls
- Size
  
  280KB
- MD5
  
  3e7a0655c80129cc84e6b0415f0acedf
- SHA1
  
  1def6f7e96b0f4a8b4300cb1dd1bde39bed50520
- SHA256
  
  908cc857270fcc0f0c278165df9cf6b5ff008388722e687eb9d6544def9c49db
- SHA512
  
  f5c040662fee49c81d2bd21409ca84d2c3083b4253fdfe8765d47c41b608f2a741b725901f256c17725c7089daa30a4f3151dc31478b240cdd3d72363b188041
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2