General

  • Target

    attached (52).zip

  • Size

    42KB

  • Sample

    210315-4l9jwkc3pe

  • MD5

    47423c315add947d76fed8ea7731b4cf

  • SHA1

    99cc5bc15094110ec996d382646eb5d90da7a4e5

  • SHA256

    4465a69d494a4920092c4c75e6d3e8a419c18f664a64391b6b35295022eeb44b

  • SHA512

    32c0fea34c77139b75046a698a2f98784e3df5cb6aee9d5a62fd1be606e6cc87731e66668df67e8f1e131ac2bce0f7c40134e3a273ec9faaa983fa6f6c99e77b

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    http://xgka03stox03cloeqz.com/index.gif

Targets

    • Target

      Documents972.xlsm

    • Size

      57KB

    • MD5

      9793c1a18272f2459fee69f8f914388f

    • SHA1

      740aa60f77f9372bad6e533637ef9e812d1f9b44

    • SHA256

      9ba472bd3fcd23bf1b820c9f35e33fd64c334c2e3b7189bf77bc0c080c449e56

    • SHA512

      4fd053e65f414f20c3ef3f53169968f0766f63dea462b373b682734c32309a128a975609c636d7cf42350319d88e1c15c77f98041b25d9c65eb077560022edfa

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2