Overview

overview

10

Static

static

8

modalita_545.xlsb

windows7_x64

10

modalita_545.xlsb

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    modalita_545.xlsb

  • Size

    71KB

  • Sample

    210316-f67qxcy6xs

  • MD5

    bd712f9de5fb81340b4e1eb8b98d35ac

  • SHA1

    3396987fc72af34a67b1fbbd49645a36cf324576

  • SHA256

    bbad1214d89fc321edb837f6eedae53d4efec53d3c2ee1b4549f066405a09b16

  • SHA512

    10469a62851eb3f521d625d967c79b999343d3415c452fc076bb0e1612999f5ac74c5237ce08c2556f0174bdb779de45bc67efdb0b3adee1ea79927ae5d1a175

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://comunicaz.casa/signup.jpg

Targets

    • Target

      modalita_545.xlsb

    • Size

      71KB

    • MD5

      bd712f9de5fb81340b4e1eb8b98d35ac

    • SHA1

      3396987fc72af34a67b1fbbd49645a36cf324576

    • SHA256

      bbad1214d89fc321edb837f6eedae53d4efec53d3c2ee1b4549f066405a09b16

    • SHA512

      10469a62851eb3f521d625d967c79b999343d3415c452fc076bb0e1612999f5ac74c5237ce08c2556f0174bdb779de45bc67efdb0b3adee1ea79927ae5d1a175

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks