Overview

overview

10

Static

static

8

Res_Frank_Grillo.xls

windows7_x64

10

Res_Frank_Grillo.xls

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Res_Frank_Grillo.xls

  • Size

    106KB

  • Sample

    210316-zpzz12cgp6

  • MD5

    1799fdac171ae275aa50892d72c7fc8b

  • SHA1

    c9e71395d053912d1c7126a0d2dc3e528c1429b0

  • SHA256

    6c7f3c3236facda5406064b08412cc051dd5a258ca030c28f8b5da3e319f5901

  • SHA512

    943966b7b2abffeb621fe021d7aaaca38fca805be1bc116e1a0e17c7f0fc030d218c482a6e0f8184790fea13277f8c70358e162b619741077a2c51f2ec9b0f35

Score
10/10
macro

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://195.123.220.128/mail-run/mail.exe

Targets

    • Target

      Res_Frank_Grillo.xls

    • Size

      106KB

    • MD5

      1799fdac171ae275aa50892d72c7fc8b

    • SHA1

      c9e71395d053912d1c7126a0d2dc3e528c1429b0

    • SHA256

      6c7f3c3236facda5406064b08412cc051dd5a258ca030c28f8b5da3e319f5901

    • SHA512

      943966b7b2abffeb621fe021d7aaaca38fca805be1bc116e1a0e17c7f0fc030d218c482a6e0f8184790fea13277f8c70358e162b619741077a2c51f2ec9b0f35

    Score
    10/10

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks