General

  • Target

    message__9DC9E4E67F814763D9B72BFEA8B5567E0E99CB74_unknown_.eml

  • Size

    52KB

  • Sample

    210315-1qjrxxvzfs

  • MD5

    596df6dc6528a0dd30fb263e94aa8f32

  • SHA1

    98e0d369d7876f2a2bfbe5238bda91880fd1429d

  • SHA256

    e6a3e8f8e0b0f8a5426d840198aa1236a5c3cd0cd0829bf7567c675d042900a1

  • SHA512

    d032d14bc240cabacfdb57567df0ff20df9be99f46357e45644e48a6f0d4a41e77145bfca68d2f8fd1e94cf70ea9317cf1b5f95062acccc7c10a2fd5cd2b7001

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    http://evz15lmlir03sygmyr.xyz/w.gif

Targets

    • Target

      document-389092874.xls

    • Size

      139KB

    • MD5

      f5efb7098a2c331eec563f88c52d97a1

    • SHA1

      e6750fe8da127696bc19e09fc00b523f0e68b990

    • SHA256

      4de71ee0856cda216f8b2b5c1a5dd40bc6bc61514bb6938bd10dd91cf933494e

    • SHA512

      83053cdd22e4b52c9dd3873c70938c4d997d4715c12011c821ddefd848b20374a6380ead40719720e355613f37a1f038135c0779145ecec0e24fec3c2379c19f

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro. When triaging, pivot on the child's image path and command line, and treat the URL in the extracted config as the network indicator to hunt for.
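The signature above is the classic parent/child heuristic: an Office host that opens a document has only a small set of legitimate children, so anything else under it is worth alerting on. The following is an added example (not code from the sandbox or from this report) that runs that check over constructed process-creation records with Sysmon Event ID 1 style fields; the parent and child lists are an illustrative baseline, and the `payload.dll` command line is a hypothetical value, not something observed in this sample.

```python
"""Flag Office processes spawning unexpected children (added detection example)."""
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Office hosts whose macro engines (VBA, Excel 4.0/XLM) are the usual pivot for
# document droppers. Assumption: illustrative list, extend per environment.
OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}

# Children a document-viewing Office process has no routine reason to start.
# Assumption: illustrative baseline of commonly abused Windows binaries.
SUSPICIOUS_CHILDREN = {
    "cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe",
    "rundll32.exe", "regsvr32.exe", "certutil.exe", "msiexec.exe", "bitsadmin.exe",
}

# Children Office does start during normal use (print helper, crash reporting).
BENIGN_CHILDREN = {"splwow64.exe", "dw20.exe", "werfault.exe"}


@dataclass
class ProcessEvent:
    """Minimal process-creation record; field names mirror Sysmon Event ID 1."""
    process_id: int
    image: str            # Sysmon "Image"
    command_line: str     # Sysmon "CommandLine"
    parent_process_id: int
    parent_image: str     # Sysmon "ParentImage"


def image_name(path: str) -> str:
    """Return the lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def classify(event: ProcessEvent) -> Optional[str]:
    """Return a reason string if the event is an unexpected Office child, else None."""
    parent = image_name(event.parent_image)
    child = image_name(event.image)
    if parent not in OFFICE_PARENTS:
        return None
    if child in BENIGN_CHILDREN:
        return None
    if child in SUSPICIOUS_CHILDREN:
        return f"{parent} spawned LOLBin {child}"
    # Anything else under an Office parent still deserves a lower-severity look.
    return f"{parent} spawned unlisted child {child}"


def find_unexpected_children(events: Iterable[ProcessEvent]) -> List[dict]:
    """Run classify() over a stream of events and return the hits as dicts."""
    hits = []
    for ev in events:
        reason = classify(ev)
        if reason:
            hits.append({
                "pid": ev.process_id,
                "parent_pid": ev.parent_process_id,
                "reason": reason,
                "command_line": ev.command_line,
            })
    return hits


# Constructed sample telemetry (not taken from the sandbox run); the regsvr32
# command line and payload.dll path are hypothetical.
EXCEL = r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"
SAMPLE_EVENTS = [
    ProcessEvent(4120, EXCEL, r'"EXCEL.EXE" C:\Users\user\Downloads\document-389092874.xls',
                 3300, r"C:\Windows\explorer.exe"),
    ProcessEvent(4388, r"C:\Windows\splwow64.exe", "splwow64.exe 12288", 4120, EXCEL),
    ProcessEvent(4512, r"C:\Windows\System32\regsvr32.exe",
                 r"regsvr32.exe /s C:\Users\Public\payload.dll", 4120, EXCEL),
    ProcessEvent(4600, r"C:\Windows\System32\cmd.exe", 'cmd.exe /c "dir"',
                 3300, r"C:\Windows\explorer.exe"),
]

if __name__ == "__main__":
    for hit in find_unexpected_children(SAMPLE_EVENTS):
        print(hit)
```

Only the regsvr32 launch is reported: the Excel process itself has a non-Office parent, the print helper is on the benign list, and the cmd.exe under explorer.exe never passes the parent check. In production the same logic reads events from your EDR or Sysmon pipeline rather than the constructed list.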

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2
