372791846d41e285c04c6cf752f7a7644bd77b781f78c465f031369802e2bf19 | Triage

Sharing

General

Target

71815855671-05132021.xlsm
Size

197KB
Sample

210513-yky9vy2tre
MD5

c8659d5bb1b8ab3578746ea3b8d8b31d
SHA1

058c64dda6067f2c1f87140c4b4e3a690e846db8
SHA256

372791846d41e285c04c6cf752f7a7644bd77b781f78c465f031369802e2bf19
SHA512

89478fc5dc06c2952a923047bb5d26d87e8b3b94dc8880448175f4f3e2b4995c5379cf9d45e99cb04329fd4cd08260b0d2914b3312e2bf2817b2f3cdd311d104

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://91.211.91.85/44329.713296875.dat

xlm40.dropper

http://190.14.37.65/44329.713296875.dat

xlm40.dropper

http://185.14.29.217/44329.713296875.dat

Targets

- Target
  
  71815855671-05132021.xlsm
- Size
  
  197KB
- MD5
  
  c8659d5bb1b8ab3578746ea3b8d8b31d
- SHA1
  
  058c64dda6067f2c1f87140c4b4e3a690e846db8
- SHA256
  
  372791846d41e285c04c6cf752f7a7644bd77b781f78c465f031369802e2bf19
- SHA512
  
  89478fc5dc06c2952a923047bb5d26d87e8b3b94dc8880448175f4f3e2b4995c5379cf9d45e99cb04329fd4cd08260b0d2914b3312e2bf2817b2f3cdd311d104
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2