General

  • Target

    4814146194145280.zip

  • Size

    54KB

  • Sample

    210316-skhaewm372

  • MD5

    cf5577846ce0e5dfcccb807207a7c30c

  • SHA1

    ab1c1774366abb025b004ebfaf4cf5d8b5accd2f

  • SHA256

    4b63d73449893efce7fc886ca1a9f5e6b341ff554261801d67dc67c3e4f6d3ba

  • SHA512

    94ea2de57352997a359879d0a5feaa463b9ab1053047b2d6dfae69d3c6b2a89868fd10b9108020d9b3a60b654a27af748cbf2e03cd864d79304cb7a6a6a2c508

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    http://lackenbauer.ru/bd/hhvqjrec/44271.1308100694.dat
    http://www.peacezoneacademy.com/dxsbonlv/44271.1308100694.dat
    http://jopo.com/gmaaxbro/44271.1308100694.dat
    http://www.thegivingwall.co.uk/jfgolx/44271.1308100694.dat
    http://baxtercode.com/qkhpnucmzts/44271.1308100694.dat

Targets

    • Target

      8ff1bc4168d830d0d1b53a5f88c639a7c788615f561b4e11625872f1781e19ec

    • Size

      276KB

    • MD5

      cd8a303e7e2fef6b3aa1c0db99553f9b

    • SHA1

      645a8a93665913de4b195aab4885bc3319536c2d

    • SHA256

      8ff1bc4168d830d0d1b53a5f88c639a7c788615f561b4e11625872f1781e19ec

    • SHA512

      889c9f6d0989a9061cd5aff37351e2bde3ddd8cfe670cc520c3f2d7a5a618f63ff59325b9aa9baa5621303b3d96ffab42e4a5b43acbdbcfd2083806ce1bf4554

    • Score

      10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2
    System Information Discovery (T1082): 2
