Overview

overview

10

Static

static

8

Debt-Detai...1.xlsm

windows7_x64

10

Debt-Detai...1.xlsm

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Debt-Details-120792975-05132021.xlsm

  • Size

    196KB

  • Sample

    210513-letl3h99ae

  • MD5

    90213af289c94acae0f36fb613155187

  • SHA1

    826b63a30a1c44ce6ecabab17c64673573088970

  • SHA256

    d3c3e8da2a5605e86cad1417a6b7a7082307f7a30a6dcd67198fbe6e3ee5b7d0

  • SHA512

    09f602952da21b77cd5bc7d61c9739e55c04c874c2abc52aa9f41fc9ac429546e4aae7606575a31646206cacc94130d0cca565c16e8b8685fb227da7de8888ef

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://194.67.203.207/44330.0904949074.dat
xlm40.dropper

http://185.82.217.23/44330.0904949074.dat
xlm40.dropper

http://45.67.230.131/44330.0904949074.dat

Targets

    • Target

      Debt-Details-120792975-05132021.xlsm

    • Size

      196KB

    • MD5

      90213af289c94acae0f36fb613155187

    • SHA1

      826b63a30a1c44ce6ecabab17c64673573088970

    • SHA256

      d3c3e8da2a5605e86cad1417a6b7a7082307f7a30a6dcd67198fbe6e3ee5b7d0

    • SHA512

      09f602952da21b77cd5bc7d61c9739e55c04c874c2abc52aa9f41fc9ac429546e4aae7606575a31646206cacc94130d0cca565c16e8b8685fb227da7de8888ef

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks