General

  • Target: document (52).zip
  • Size: 42KB
  • Sample: 210315-xwaxkhq452
  • MD5: fa3993a80f8b027e7bf18c0320cba404
  • SHA1: fec3736ade603ba840825a36ad1786ffafbf8299
  • SHA256: 224ff5cdbea4d3540f7c8c32086a5bd5113923377508f002a77549cbd92f5c72
  • SHA512: b5ed290819f6ba80e8ffef2c438c3dff4ca7b578e7d26ba84a9555443397aa1532a0fada8af9ef412b17b9f6e6452a0da3863a31f42a3f07abb8e5042cc61f1b

Score: 10/10

Malware Config

Extracted

  • Language: xlm4.0
  • Source: URLs
  • Family: xlm40.dropper
  • URL: http://xgka03stox03cloeqz.com/index.gif

Targets

  • Target: Documents457.xlsm
  • Size: 57KB
  • MD5: 9793c1a18272f2459fee69f8f914388f
  • SHA1: 740aa60f77f9372bad6e533637ef9e812d1f9b44
  • SHA256: 9ba472bd3fcd23bf1b820c9f35e33fd64c334c2e3b7189bf77bc0c080c449e56
  • SHA512: 4fd053e65f414f20c3ef3f53169968f0766f63dea462b373b682734c32309a128a975609c636d7cf42350319d88e1c15c77f98041b25d9c65eb077560022edfa
  • Score: 10/10

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112), 1
  • Discovery: Query Registry (T1012), 2
  • Discovery: System Information Discovery (T1082), 2

Tasks