Overview

overview

10

Static

static

8

Overdue-89...1.xlsm

windows7_x64

10

Overdue-89...1.xlsm

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Overdue-894289303-04212021.xlsm

  • Size

    328KB

  • Sample

    210421-gbdn8vseje

  • MD5

    7125d3e4dc791d94ff80bdc13a65365c

  • SHA1

    4521f4db608f9ddd0cfaeb1d93d68d98456e0c71

  • SHA256

    b4b7e4e8230f4c6d2cec3858fdb3006346132aef0810c1e957170b0470efa81f

  • SHA512

    663fe4ad28fd2c79c2da27d2635c6ea70f8d37277a455741b3c99f7c88f5c9c1e6a3666c61b575f7da3119e2d1e4b35f80fb3c0d348ba1e8b8c3878d295c8124

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://193.203.202.55/44300,5396033565.dat
xlm40.dropper

http://190.14.37.245/44300,5396033565.dat
xlm40.dropper

http://194.67.214.216/44300,5396033565.dat

Targets

    • Target

      Overdue-894289303-04212021.xlsm

    • Size

      328KB

    • MD5

      7125d3e4dc791d94ff80bdc13a65365c

    • SHA1

      4521f4db608f9ddd0cfaeb1d93d68d98456e0c71

    • SHA256

      b4b7e4e8230f4c6d2cec3858fdb3006346132aef0810c1e957170b0470efa81f

    • SHA512

      663fe4ad28fd2c79c2da27d2635c6ea70f8d37277a455741b3c99f7c88f5c9c1e6a3666c61b575f7da3119e2d1e4b35f80fb3c0d348ba1e8b8c3878d295c8124

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks