9e14bd281dfb18a1b470d0139771467e3a8dceec607c098592d9e60d611806d0 | Triage

Sharing

General

Target

Debt-Details-1177944144-05132021.xlsm_188F372D38F45000605CE882C6CEECBA.zip
Size

149KB
Sample

210513-d211nrq962
MD5

6d46c28cf3a6ab964c747b592b776e9b
SHA1

e33f812ab3d2ba94195a5466bedf9f6f60a76a5d
SHA256

9e14bd281dfb18a1b470d0139771467e3a8dceec607c098592d9e60d611806d0
SHA512

2f87fe68b0ff380d36a31138d3cbbcfb595b4fced9aa2cfcd2ad67d62f3d106ea28cad70eb6e8698235d37064dfab320e2175bf18e6d7b9ce8092baf2d5baa1c

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://194.67.203.207/44329.6529623843.dat

xlm40.dropper

http://185.82.217.23/44329.6529623843.dat

xlm40.dropper

http://45.67.230.131/44329.6529623843.dat

Targets

- Target
  
  Debt-Details-1177944144-05132021.xlsm
- Size
  
  196KB
- MD5
  
  188f372d38f45000605ce882c6ceecba
- SHA1
  
  30d7c58f1af1fa52051e6d800f2dd9eae3c4318c
- SHA256
  
  0fb57c7dee5bda8e0f90fe490053d74862cc7c01ff34737ae441d9994a2704b5
- SHA512
  
  85430fe333f03034d62c55705f6a0caa5b3a54850b4a3b13373e0093c1a5670b387e73953ff5caf0da66fd2a85528988ebe8083f919499f11157dc6432072da1
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2