Overview

overview

10

Static

static

8

8bdcc1592f...e.xlsm

windows7_x64

1

8bdcc1592f...e.xlsm

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8bdcc1592ffaee9154ed4331a44fa52af3b2baebbd4ef71840adc73b38635d9e.zip

  • Size

    151KB

  • Sample

    210421-598nb99r7s

  • MD5

    2cca4d4d9546871c7c2e2e1b867a8df4

  • SHA1

    302933a620797d6876d293a68cbb031c0d5707fb

  • SHA256

    d7a6f8318f48d36e7b4e7a6d4a202c92e2f321f0b54aa8ba55e869974ec7a0b6

  • SHA512

    466a3a379e15166eed9674bccf968490f80a6da0e2ae53ca64c099b604435e6d7ab645218a8baa1fa244714877251fd4ab58c30bcf7c6f2c75d48cab1b1bc6dd

Score
10/10
evasionmacrotrojan

Malware Config

Targets

    • Target

      8bdcc1592ffaee9154ed4331a44fa52af3b2baebbd4ef71840adc73b38635d9e.xlsm

    • Size

      155KB

    • MD5

      77f482d7c33d70474d451cf2546f4b4f

    • SHA1

      9ef86f2a8171e50ec5734886d895885280e029d8

    • SHA256

      8bdcc1592ffaee9154ed4331a44fa52af3b2baebbd4ef71840adc73b38635d9e

    • SHA512

      f656c8f2a14ddb066469f20ab5303f5a0ec18d17648e67a59fde4902dc923f5a70fe4cc4964251a705275e98073df76821ec6e3ee8d93982fb86ec71a698404a

    Score
    10/10
    evasiontrojan

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

3
T1082

Query Registry

2
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks