General

  • Target

    attached (89).zip

  • Size

    42KB

  • Sample

    210315-84tgj8ks6j

  • MD5

    5f5fd6a4559a60ee6f59856d9c58ce42

  • SHA1

    98696b3ea6d5972d88cd58fb081f1a44d304d1e8

  • SHA256

    e75d1f70aaf82289112e4b3859563131738019cfb2198a96a5d6197a99db4f20

  • SHA512

    0c7cfd5738bf5ed80a7346691521d0674630a75c89602994c37c45cb777045b0acd602f6f190fdf612b78c1b7c6170b4011547824043656a6ffe8047f8e905e5

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    http://yar03jmtvr03jtqg.com/index.gif

Targets

    • Target

      Documents449.xlsm

    • Size

      57KB

    • MD5

      9dbad542b671f4e700258b2c58a9195b

    • SHA1

      0a24b5ba33f37c387a9895702959169f4f577bfa

    • SHA256

      3d799da3e93bebcb93e74ebf906a4690914aa338538eb7abe5627ff87e455da7

    • SHA512

      f50541f6c7059f7a61fe9896b6d0eccfedc34a5b3a81ee7232ea792d0946105c1070785decb54357a3b834a67a3fb37edeab4ab093a474d7a546b0f75b0a5647

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • Modify Registry (T1112): 1

Discovery

  • Query Registry (T1012): 2

  • System Information Discovery (T1082): 2

Tasks