Overview

overview

10

Static

static

8

general_1576.xlsb

windows7_x64

10

general_1576.xlsb

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    general_1576.xlsb

  • Size

    61KB

  • Sample

    210315-3mgh453ng2

  • MD5

    a872e2984b89d760ca507fb9109639ad

  • SHA1

    01c18c131ac943985f9179c1136848cfaea4c22f

  • SHA256

    49571df3567dd31c19324e8c098f2d627af195fcd4be14f7e624a8c73c137ca5

  • SHA512

    713db891eb00bae9784857bb6b2515dc2863d725bb022e151ab88fc3e1992d681f954d12e24e3545c38a8377633d5b86d7bf0366aa7ea3adb54927a9d3ee2792

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://statisonline.casa/register.jpg

Targets

    • Target

      general_1576.xlsb

    • Size

      61KB

    • MD5

      a872e2984b89d760ca507fb9109639ad

    • SHA1

      01c18c131ac943985f9179c1136848cfaea4c22f

    • SHA256

      49571df3567dd31c19324e8c098f2d627af195fcd4be14f7e624a8c73c137ca5

    • SHA512

      713db891eb00bae9784857bb6b2515dc2863d725bb022e151ab88fc3e1992d681f954d12e24e3545c38a8377633d5b86d7bf0366aa7ea3adb54927a9d3ee2792

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks