dcb80fdbe85da3af40cf7b9c1c50aafa3ea8b23126a769fa636cb6edecf85e45 | Triage

Sharing

General

Target

Debt-Details-1248896833-05132021.zip
Size

149KB
Sample

210513-2fs946yfwx
MD5

0dbba339ffd77fc0afa0270a8fa02da7
SHA1

98d2ec98c6ea9adf6143a541916ed04331bb2b05
SHA256

dcb80fdbe85da3af40cf7b9c1c50aafa3ea8b23126a769fa636cb6edecf85e45
SHA512

a4b503fe17f5a07f5939b2ffbae0bcb230e58f929da4f152b6f010ec01d6d8976e7bd38db19dadf48d797d51dd23efc9c033558c260ebe4ea4a3bcf061521d6f

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://195.123.221.179/44329.5851163194.dat

xlm40.dropper

http://188.165.62.17/44329.5851163194.dat

xlm40.dropper

http://185.183.98.29/44329.5851163194.dat

Targets

- Target
  
  Debt-Details-1248896833-05132021.xlsm
- Size
  
  196KB
- MD5
  
  9f0ed5de1d36a944a8340a37eeb1bf8e
- SHA1
  
  8ed2b40c0a453100d0b4259370cd7347ebd65803
- SHA256
  
  4e6b29309e6574f4a3a2dbd48f12e9f4b48988099405ae04d563115d33897245
- SHA512
  
  5f636daf13d57cb3db676d9382e32c6a1572436545dc162da19c487944daeff60482de18126d9c1869c0dba0b705c268707f4930cbc6223d11d3348fc3d5406c
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2