Overview

overview

10

Static

static

8

societ_2453.xlsb

windows7_x64

10

societ_2453.xlsb

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    societ_2453.xlsb

  • Size

    55KB

  • Sample

    210315-d4a9b6c65e

  • MD5

    336849f055255ad626982c22a3341e81

  • SHA1

    620e24f20df2e9465d090ae18b566568e390fdd2

  • SHA256

    3b42c27be13b8ac6bc5533315c7f2fdcdab0e6a95d4693fa3fe6ba64286ed162

  • SHA512

    faafa91a1432994ee475f043b92b8c614d15f8628ddbb8c47076af9ccd7cde93ef48f72c8a9e49ff44e4d5d663f1dafb43baff7c1cab9372cd590c47e0eac468

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://linestata.bar/register.jpg

Targets

    • Target

      societ_2453.xlsb

    • Size

      55KB

    • MD5

      336849f055255ad626982c22a3341e81

    • SHA1

      620e24f20df2e9465d090ae18b566568e390fdd2

    • SHA256

      3b42c27be13b8ac6bc5533315c7f2fdcdab0e6a95d4693fa3fe6ba64286ed162

    • SHA512

      faafa91a1432994ee475f043b92b8c614d15f8628ddbb8c47076af9ccd7cde93ef48f72c8a9e49ff44e4d5d663f1dafb43baff7c1cab9372cd590c47e0eac468

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks