a62339a58303d35f68ff9c9274c1ac5d099666e63e405470d2bfa859895b8035 | Triage

Sharing

General

Target

12010932100_03162021.xls
Size

231KB
Sample

210316-tmlfvke6an
MD5

df86c71c1b3d11c74c9173125f12bda7
SHA1

4b85448e924dfb2fe6dc5be9a87d4425bcca3a8d
SHA256

a62339a58303d35f68ff9c9274c1ac5d099666e63e405470d2bfa859895b8035
SHA512

ec1b1d730e793ab4311968b520f8ef23e4c2ba2c2b1392141acaeec4fa8a8fddaddabea94d2ca6c96f6260eda1be0bd44e63b860a173c7e22775480d69d68d04

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://188.127.235.232/44271.6265009259.dat

xlm40.dropper

http://193.38.54.165/44271.6265009259.dat

xlm40.dropper

http://185.82.218.54/44271.6265009259.dat

xlm40.dropper

http://44271.6265009259.dat

Targets

- Target
  
  12010932100_03162021.xls
- Size
  
  231KB
- MD5
  
  df86c71c1b3d11c74c9173125f12bda7
- SHA1
  
  4b85448e924dfb2fe6dc5be9a87d4425bcca3a8d
- SHA256
  
  a62339a58303d35f68ff9c9274c1ac5d099666e63e405470d2bfa859895b8035
- SHA512
  
  ec1b1d730e793ab4311968b520f8ef23e4c2ba2c2b1392141acaeec4fa8a8fddaddabea94d2ca6c96f6260eda1be0bd44e63b860a173c7e22775480d69d68d04
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2