Overview

overview

10

Static

static

8

societ_1410.xlsb

windows7_x64

10

societ_1410.xlsb

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    societ_1410.xlsb

  • Size

    67KB

  • Sample

    210315-g6dk4mpb1n

  • MD5

    cdf0c5cad31be82c68203aa04aa20292

  • SHA1

    3f9a1284e68d3a79cabc4fb53fb8ff3827427791

  • SHA256

    314c7b0bfe6cfa6bfc1dc3b16e5a3b124b7c8e639f0b908bb1771ac5984f50cb

  • SHA512

    62cd49fc5ffc3bb80bb9489ece6efb8738bcef5d3df5f756726d3196afd63df2e90307e0548aee0a669afe14833e7b9de282a6874f21fe9ba215c5f7aa4cda11

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://linestata.bar/register.jpg

Targets

    • Target

      societ_1410.xlsb

    • Size

      67KB

    • MD5

      cdf0c5cad31be82c68203aa04aa20292

    • SHA1

      3f9a1284e68d3a79cabc4fb53fb8ff3827427791

    • SHA256

      314c7b0bfe6cfa6bfc1dc3b16e5a3b124b7c8e639f0b908bb1771ac5984f50cb

    • SHA512

      62cd49fc5ffc3bb80bb9489ece6efb8738bcef5d3df5f756726d3196afd63df2e90307e0548aee0a669afe14833e7b9de282a6874f21fe9ba215c5f7aa4cda11

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks