General

  • Target

    notif_1945.xlsb

  • Size

    65KB

  • Sample

    210316-qbswh7k4e6

  • MD5

    7f6e2a37e0a86f31c4e7fef8e3467ee6

  • SHA1

    b7ae3b60a29c7f88310eb91383bb96a83f720c57

  • SHA256

    149e5cdf1caed21860a8b0ea4b43796ff835063520c4242fbf1b0fae5a801bc3

  • SHA512

    1d2b8d9634436c8469d56763cd97aad0ce689dbb80ad7d3da58efd90385768d1683e144141d830f88b3d88e14660a064e8134e67d0ef869711fb12277cfde9ae

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

  • URLs

    xlm40.dropper

    http://obbligo.bar/register.jpg

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
