General

  • Target

    CompensationClaim_1458474084_03152021.xls.zip

  • Size

    153KB

  • Sample

    210315-px1faxqxxs

  • MD5

    b6878cc911c38874a74919a6bce4f0bb

  • SHA1

    16ca52d64546defb603d77bbcaa9d7841d26b9ec

  • SHA256

    cceb1943de3fc134601afd9852abedd1395d6969d0c3d77448d1d5ba83f8f7b5

  • SHA512

    c3da2890895656dee3e6a4b99ef228b24b898064f67473595dd3586d84bc7f6d2a9236b58b5eff1d1e556c9ec7198cc8805f621e612e0949e79b3f16e3a65074

Score
10/10

Malware Config

Extracted

  Language: xlm4.0

  Source         URLs
  xlm40.dropper  http://188.127.254.114/44270.9075907407.dat
  xlm40.dropper  http://185.82.219.160/44270.9075907407.dat
  xlm40.dropper  http://45.140.146.34/44270.9075907407.dat

Targets

    • Target

      CompensationClaim_1458474084_03152021.xls

    • Size

      233KB

    • MD5

      1a9610dd6bbe276109581299f12a8a25

    • SHA1

      8dc20d17ee1e1a8df8ec15f47fdc6989131f3d49

    • SHA256

      8688077ce747fd951e0059760c195bc19ef8a75276a1796645bec13cc76f87e8

    • SHA512

      d2f01cf951cf497940a08f049abc2e51724a358eee3f19015f3464f50eb38083adb4fda92ba9152e9e912a036989a249188a3afbeb584925c92b8681576eb326

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic           Technique                     Count  ATT&CK ID
  Defense Evasion  Modify Registry               1      T1112
  Discovery        Query Registry                2      T1012
  Discovery        System Information Discovery  2      T1082

Tasks