Overview

overview

10

Static

static

8

File_145565.xlsb

windows7_x64

10

File_145565.xlsb

windows10_x64

10

Resubmissions

15-03-2021 19:15

210315-lysnggh31a 10

15-03-2021 19:11

210315-8dqehx1vwx 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    File_145565.xlsb

  • Size

    233KB

  • Sample

    210315-8dqehx1vwx

  • MD5

    99421c3f76ea8ef636173c6a3fc43e05

  • SHA1

    439c69a29dc2f4d7b52658cc78053c6153e62582

  • SHA256

    6a75b37a3f47cf8b5237526528aad5ff12ba1f498773caac507448f282ce5cc9

  • SHA512

    90fc816e5645b1f72fda82d7d26e3d0f711a4ad588d6a6aa477d1f25545f00fbab400c954d2c5de69de63340bac6b8a6500f7c66197466d94f53879c2f87a5c3

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://195.123.222.188/campo/e/e1

Targets

    • Target

      File_145565.xlsb

    • Size

      233KB

    • MD5

      99421c3f76ea8ef636173c6a3fc43e05

    • SHA1

      439c69a29dc2f4d7b52658cc78053c6153e62582

    • SHA256

      6a75b37a3f47cf8b5237526528aad5ff12ba1f498773caac507448f282ce5cc9

    • SHA512

      90fc816e5645b1f72fda82d7d26e3d0f711a4ad588d6a6aa477d1f25545f00fbab400c954d2c5de69de63340bac6b8a6500f7c66197466d94f53879c2f87a5c3

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks