87437de0c4fbde322bec0d7bf897927d60d4903925632aa4373bac43ed82f695 | Triage

Sharing

General

Target

Debt-Details-2065399866-05132021.xlsm
Size

196KB
Sample

210514-5fk2b3l12a
MD5

ac9df8f0a9eb4d16bd673611f8062429
SHA1

76e7b947f54aada88a3ac4b892202ba9549f8e12
SHA256

87437de0c4fbde322bec0d7bf897927d60d4903925632aa4373bac43ed82f695
SHA512

7f299de372983072b5e149a2e47209daf202786678629e8f64bfddb137a553ad118795e48eb7dc74a1eeaaf5cff9b7f007403e9e4ffa4adc9d117ddade58bb5b

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://195.123.221.179/44330.0206428241.dat

xlm40.dropper

http://188.165.62.17/44330.0206428241.dat

xlm40.dropper

http://185.183.98.29/44330.0206428241.dat

Targets

- Target
  
  Debt-Details-2065399866-05132021.xlsm
- Size
  
  196KB
- MD5
  
  ac9df8f0a9eb4d16bd673611f8062429
- SHA1
  
  76e7b947f54aada88a3ac4b892202ba9549f8e12
- SHA256
  
  87437de0c4fbde322bec0d7bf897927d60d4903925632aa4373bac43ed82f695
- SHA512
  
  7f299de372983072b5e149a2e47209daf202786678629e8f64bfddb137a553ad118795e48eb7dc74a1eeaaf5cff9b7f007403e9e4ffa4adc9d117ddade58bb5b
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2