General

  • Target

    notif_2859.xlsb

  • Size

    88KB

  • Sample

    210316-vc1q5g4ed2

  • MD5

    2b484732645be215cdd1e6df3e0b3658

  • SHA1

    662c0e933c46bd7d5890d2d2242822d5cfb97085

  • SHA256

    146a181a98bd1db7904f2856847fd4b204fd0ee71e75e60552ad9c4baab02e38

  • SHA512

    d1d7fa854b1d66726d7ed31879d2f69e8aa8d5a75064b518fe9b94b9a5d27cc3f8713b8dc6cb5a5a21658de334511cc592960b9e035e6b7dab25ce8230e9fa7b

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

  • URLs

    xlm40.dropper

    http://obbligo.bar/register.jpg

Targets

    • Target

      notif_2859.xlsb

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
