54526dc62ff67f8e2ab376741000d52f709c7391dd961f2c11742250c57a127b | Triage

Sharing

General

Target

qbot.xlsm
Size

196KB
Sample

210513-ejk4laz9da
MD5

ae952edbe112bfdf041a56c122b46ce8
SHA1

84186fa9143637631660e1e07bb52d9f185c802a
SHA256

54526dc62ff67f8e2ab376741000d52f709c7391dd961f2c11742250c57a127b
SHA512

33e1c29dbc5059a0cea328c514a5819b6bc42474f4d9da50207f011719961779221042597adc9caa30d36abc2ee90e85091ddcd3d77d19ca95d387b3105911af

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://194.67.203.207/44329.5857111111.dat

xlm40.dropper

http://185.82.217.23/44329.5857111111.dat

xlm40.dropper

http://45.67.230.131/44329.5857111111.dat

Targets

- Target
  
  qbot.xlsm
- Size
  
  196KB
- MD5
  
  ae952edbe112bfdf041a56c122b46ce8
- SHA1
  
  84186fa9143637631660e1e07bb52d9f185c802a
- SHA256
  
  54526dc62ff67f8e2ab376741000d52f709c7391dd961f2c11742250c57a127b
- SHA512
  
  33e1c29dbc5059a0cea328c514a5819b6bc42474f4d9da50207f011719961779221042597adc9caa30d36abc2ee90e85091ddcd3d77d19ca95d387b3105911af
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2