Overview

overview

10

Static

static

8

mal.xls

windows7_x64

10

mal.xls

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    mal.xls

  • Size

    273KB

  • Sample

    210316-ratfxrnzza

  • MD5

    c96139bf98423aaabcdf618081663a40

  • SHA1

    f14629ec76888b6a4eb54e5d849a6f34058d7fea

  • SHA256

    f4fc313fbfeafb3eb383097ff2c9f791cfb0f687a8488b8bc0923e9d693cdc4c

  • SHA512

    50c67303f2a3278c0b656b55d8ea68e9d213f8b6549882d6d252e6a2e36bff87b11c4181eb7ad4ee0a32a27120e0aa023c57bb48af77f56694765d905c20bc51

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://sssolutionsllc.org/k.php

Targets

    • Target

      mal.xls

    • Size

      273KB

    • MD5

      c96139bf98423aaabcdf618081663a40

    • SHA1

      f14629ec76888b6a4eb54e5d849a6f34058d7fea

    • SHA256

      f4fc313fbfeafb3eb383097ff2c9f791cfb0f687a8488b8bc0923e9d693cdc4c

    • SHA512

      50c67303f2a3278c0b656b55d8ea68e9d213f8b6549882d6d252e6a2e36bff87b11c4181eb7ad4ee0a32a27120e0aa023c57bb48af77f56694765d905c20bc51

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks