bde27f8294e3a01757cc63c51615ee623ba79a16bd188243be0410d8446a4d21 | Triage

Sharing

General

Target

1810657040_03162021.zip
Size

152KB
Sample

210316-rlfjj8r7pj
MD5

e0d6942be9d09b20baa7687d9519bed9
SHA1

00895ce5b560935a5e367b1ec3874e640a7c9400
SHA256

bde27f8294e3a01757cc63c51615ee623ba79a16bd188243be0410d8446a4d21
SHA512

967981b79fdde84bbac970d553fca525d5732b60c6351afc66959230e4d056eaae13d471e44842a7425b74290dcca62949003af1d0aa9d39fba503c54d420b3c

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://188.127.235.232/44271.6590251157.dat

xlm40.dropper

http://193.38.54.165/44271.6590251157.dat

xlm40.dropper

http://185.82.218.54/44271.6590251157.dat

xlm40.dropper

http://44271.6590251157.dat

Targets

- Target
  
  1810657040_03162021.xls
- Size
  
  231KB
- MD5
  
  ba059e643683b9f9d9ac90019e9c01be
- SHA1
  
  343106168eb7e0e8ba9b1f273238770bf408c0ca
- SHA256
  
  eebbfb1607fff4c6cbb6ff226dbe362071d98ba36f87bc2c731365e095af7a9c
- SHA512
  
  4ddbcf478bcbb5eb34618b0969206660e4a7c7bedfc4fcbf2431917aa68930fc4264f5d8f88b10a1f25d387e8349260f9a70e46807c1cb8f27d9b83269706f87
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2