d67d14ef44742b1df9a1740ece5512f367aa88ffccdfa9316a70fd49fd9fbef3 | Triage

Sharing

General

Target

71255950620-05132021.xlsm
Size

197KB
Sample

210513-jn8r3b64as
MD5

6ec18db28bdee35b42375cbca2c2c28f
SHA1

7f1a49ff3784933cf4d2169079ffa222836632e9
SHA256

d67d14ef44742b1df9a1740ece5512f367aa88ffccdfa9316a70fd49fd9fbef3
SHA512

20e87fd88563eabc508761a0e80c0cb319111a7c73a14bc3787fd2cacbb733dbe2bbd528871aaf54a0f1ecc35eb82fcd4647ccc9d9347a4ccccac73c0a08edc9

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://91.211.91.85/44329.633469213.dat

xlm40.dropper

http://190.14.37.65/44329.633469213.dat

xlm40.dropper

http://185.14.29.217/44329.633469213.dat

Targets

- Target
  
  71255950620-05132021.xlsm
- Size
  
  197KB
- MD5
  
  6ec18db28bdee35b42375cbca2c2c28f
- SHA1
  
  7f1a49ff3784933cf4d2169079ffa222836632e9
- SHA256
  
  d67d14ef44742b1df9a1740ece5512f367aa88ffccdfa9316a70fd49fd9fbef3
- SHA512
  
  20e87fd88563eabc508761a0e80c0cb319111a7c73a14bc3787fd2cacbb733dbe2bbd528871aaf54a0f1ecc35eb82fcd4647ccc9d9347a4ccccac73c0a08edc9
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2