General

  • Target

    af2e73d5_by_Libranalysis

  • Size

    323KB

  • Sample

    210507-njnvvk7d4a

  • MD5

    af2e73d50483dd49b73069507117b798

  • SHA1

    e0d1ddbb33217aa9d8217a015b86c1bd7f368dbb

  • SHA256

    5f1a47f7e929a6563f9b4d18dbefbab17942d63c9738baa0f1c4e9a25152fbb3

  • SHA512

    77cd1510806ad8615c378c719fba536ecffe86d40fd8b9d950b1637c674ea1f301e648b6a9ee77a3d6b3da10096af1742362c58629c27e916993655fe25d6db5

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    http://188.127.235.69/44300,5396033565.dat
    http://45.144.30.41/44300,5396033565.dat
    http://62.109.24.36/44300,5396033565.dat

Targets

    • Target

      baa952bfeae28062d42e78bed942525b68090b4b43ac2ec8a619d0580bd1acca.xlsm

    • Size

      328KB

    • MD5

      eb1d27c0d19fcaa8b64423e7502baef3

    • SHA1

      99afdc744ef8f0a7b2e69aca01a10ca8f1eec26b

    • SHA256

      baa952bfeae28062d42e78bed942525b68090b4b43ac2ec8a619d0580bd1acca

    • SHA512

      2f1bf427662f132f4ea13d3bd69415465fb2b5bf43ad445aba4545b0288c6056a3a5897195a2ddf9e05fac2d87c7e162aee4a946630060873f1c0d5558a0571e

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2
    System Information Discovery (T1082): 2

Tasks