Overview

overview

10

Static

static

8

8202572189...1.xlsm

windows7_x64

10

8202572189...1.xlsm

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    82025721897_03192021.xlsm

  • Size

    185KB

  • Sample

    210409-fe4hz1v8za

  • MD5

    e7ab02fc9cf04da25eeb7e7263aefe0d

  • SHA1

    12cdeed8f2c7605ebcb3c7b384b4bad1fd82dbbe

  • SHA256

    dcc45c82a484a420888aabe66588cbb1658cb2a7a5cc833b0438fa06ca84a991

  • SHA512

    06b93502819f0bb0877cbf26108f7aa3261ce192c4bd5e6ac19b0cd956e92f78ca53da0fedd3857426ed9664390d7db5616c92b64a1c6a034e3a4ad94cac64ab

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://188.127.237.152/44295.4021160879.dat
xlm40.dropper

http://45.150.67.13/44295.4021160879.dat
xlm40.dropper

http://185.82.219.225/44295.4021160879.dat

Targets

    • Target

      82025721897_03192021.xlsm

    • Size

      185KB

    • MD5

      e7ab02fc9cf04da25eeb7e7263aefe0d

    • SHA1

      12cdeed8f2c7605ebcb3c7b384b4bad1fd82dbbe

    • SHA256

      dcc45c82a484a420888aabe66588cbb1658cb2a7a5cc833b0438fa06ca84a991

    • SHA512

      06b93502819f0bb0877cbf26108f7aa3261ce192c4bd5e6ac19b0cd956e92f78ca53da0fedd3857426ed9664390d7db5616c92b64a1c6a034e3a4ad94cac64ab

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks