Overview

overview

10

Static

static

8

Price list.xlsm

windows7_x64

1

Price list.xlsm

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Price list.xlsm

  • Size

    64KB

  • Sample

    210504-mbhsz46w6n

  • MD5

    dc48640ca8488d4c4e61b807ef19d11c

  • SHA1

    e2cfbc565e62b269a7bfbdf2b3c060e52aaa6614

  • SHA256

    c8f3d97c54386b86778a1d20917353583bcf706ffe0615d962683d55e449bcab

  • SHA512

    06d0b3420f784cad69e11202271b99f47c7c5eeca68de9a5e01da6ebf2c5b25414ec242dd4517eeff43fcd239ec8ded073a9317c1140ae9e3c6b620b6af741b9

Score
10/10
asyncratevasionmacroratspywarestealer

Malware Config

Targets

    • Target

      Price list.xlsm

    • Size

      64KB

    • MD5

      dc48640ca8488d4c4e61b807ef19d11c

    • SHA1

      e2cfbc565e62b269a7bfbdf2b3c060e52aaa6614

    • SHA256

      c8f3d97c54386b86778a1d20917353583bcf706ffe0615d962683d55e449bcab

    • SHA512

      06d0b3420f784cad69e11202271b99f47c7c5eeca68de9a5e01da6ebf2c5b25414ec242dd4517eeff43fcd239ec8ded073a9317c1140ae9e3c6b620b6af741b9

    Score
    10/10
    asyncratevasionratspywarestealer

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • Modifies visibility of file extensions in Explorer

      evasion

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Hidden Files and Directories

1
T1158

Modify Registry

2
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks