Overview

overview

10

Static

static

8

general_2589.xlsb

windows7_x64

10

general_2589.xlsb

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    general_2589.xlsb

  • Size

    65KB

  • Sample

    210315-fakh72dspj

  • MD5

    0f643d82af7f4daccccfb24cdf3f63f2

  • SHA1

    e34f37bc019d659a10e942c27b601be5fbe7d313

  • SHA256

    6c1fdee9b69b6eb4e1c8a3f3defd32f346aea9d464ad51c1aca45d1359fa6e62

  • SHA512

    68f36c53190c245ded65b7fc849e998c419896eaf1eb3aa16b4e9b023ece671bad59e3cf03fda745f9a26d170bd9d1d171a7d7877d79a5e6fceaf2b7d9755a67

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://statisonline.casa/register.jpg

Targets

    • Target

      general_2589.xlsb

    • Size

      65KB

    • MD5

      0f643d82af7f4daccccfb24cdf3f63f2

    • SHA1

      e34f37bc019d659a10e942c27b601be5fbe7d313

    • SHA256

      6c1fdee9b69b6eb4e1c8a3f3defd32f346aea9d464ad51c1aca45d1359fa6e62

    • SHA512

      68f36c53190c245ded65b7fc849e998c419896eaf1eb3aa16b4e9b023ece671bad59e3cf03fda745f9a26d170bd9d1d171a7d7877d79a5e6fceaf2b7d9755a67

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks