General

  • Target

    642c18c09130362f48ec9e466b5f0ebdd9fdc368.xlsm

  • Size

    25KB

  • Sample

    210316-pqaxl5j2sn

  • MD5

    3377fbe5aeb916dbe86e759f686d98ff

  • SHA1

    642c18c09130362f48ec9e466b5f0ebdd9fdc368

  • SHA256

    135381db62065c77d4794b157d87d27d503eb511d0ab32ccde38fe7f380cea72

  • SHA512

    ba95a8e85a1322e5d8de65b8416f235f0b7e702acde182183cd0a540febabd324fe40dd2c5903281d4a7e584c656844cede89d205f4f1791b1b24f027ff9621f

Score
10/10

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops startup file

    • Adds Run key to start application
