Overview

overview

10

Static

static

8

comun_1338.xlsb

windows7_x64

10

comun_1338.xlsb

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    comun_1338.xlsb

  • Size

    65KB

  • Sample

    210315-cp2x758awe

  • MD5

    f84ec393f8280213b4df97a50c8b6de7

  • SHA1

    08b6ca2e9656373735a68dbf0a70506bb128957a

  • SHA256

    69e2d449d9caa33cad124a748e55221bbe3aaf17500711b65989a4694625ea86

  • SHA512

    9b7b93cb165d54f22cc26e4eb0372f19196ae97195ec6b68175011a46bd282d471bb15893cfaf6e8f7e0a6cd4afcd964a5bc13e1d04e73c585b4691109a651a7

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://onlinestatis.bar/signup.jpg

Targets

    • Target

      comun_1338.xlsb

    • Size

      65KB

    • MD5

      f84ec393f8280213b4df97a50c8b6de7

    • SHA1

      08b6ca2e9656373735a68dbf0a70506bb128957a

    • SHA256

      69e2d449d9caa33cad124a748e55221bbe3aaf17500711b65989a4694625ea86

    • SHA512

      9b7b93cb165d54f22cc26e4eb0372f19196ae97195ec6b68175011a46bd282d471bb15893cfaf6e8f7e0a6cd4afcd964a5bc13e1d04e73c585b4691109a651a7

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks