General

  • Target

    Debt-Details-737504944-05132021.xlsm.zip

  • Size

    149KB

  • Sample

    210514-getd67qbnx

  • MD5

    90b9bc29fc2e8d01e9baea11823e7d16

  • SHA1

    707c12016da9781f8c9e8d17bb030b44edba6b75

  • SHA256

    1b59888d6384537c8efd4150a6070c8b7ded99f8c3b35ab2deb58491e8927969

  • SHA512

    3a3effeb1e2f3283ba1d8e746c5e5f0df554bc3295c84a7a513895fe19452d220a3ecff6558860c56bb64b365b23150dc497950df9199926b255632812228c49

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    http://185.183.96.233/44330.0326398148.dat

    http://51.89.115.125/44330.0326398148.dat

    http://190.14.37.64/44330.0326398148.dat

All three hosts serve the same path. The filename 44330.0326398148 is an Excel date serial (44330 = 2021-05-14, the fraction is 00:47 on the clock the macro read), matching the sample date, so it was most likely produced at run time by the macro (for example from NOW()) rather than hard-coded; a block on the full URL will not survive the next run, whereas the three hosts will.
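As an added example (not part of the sandbox report), the following splits the three extracted dropper URLs into host and path and decodes the Excel date serial that forms the payload filename. The URL list is the one above; the function and constant names are this example's own.

```python
"""Added example, not from the report: dissect the xlm40.dropper URLs and
decode the Excel date serial used as the payload filename."""
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# The three dropper URLs from the "Malware Config" section above.
DROPPER_URLS = [
    "http://185.183.96.233/44330.0326398148.dat",
    "http://51.89.115.125/44330.0326398148.dat",
    "http://190.14.37.64/44330.0326398148.dat",
]

# Excel's 1900 date system counts 1900-01-01 as serial 1 but wrongly treats
# 1900 as a leap year, so for every serial above 60 the working epoch is
# 1899-12-30 (integer part = days, fractional part = time of day).
EXCEL_EPOCH = datetime(1899, 12, 30)


def excel_serial_to_datetime(serial: float) -> datetime:
    """Convert an Excel serial number to a naive datetime."""
    return EXCEL_EPOCH + timedelta(days=serial)


def analyse_dropper_urls(urls):
    """Group the URLs by path and decode any filename stem that is an Excel serial.

    Returns {"hosts": [...], "paths": {path: [hosts]}, "decoded": {path: datetime}}.
    """
    hosts, paths, decoded = [], {}, {}
    for url in urls:
        parts = urlsplit(url)
        hosts.append(parts.hostname)
        paths.setdefault(parts.path, []).append(parts.hostname)
    for path in paths:
        # "/44330.0326398148.dat" -> "44330.0326398148"
        stem = path.rsplit("/", 1)[-1].rsplit(".", 1)[0]
        try:
            decoded[path] = excel_serial_to_datetime(float(stem))
        except ValueError:
            pass  # filename is not a numeric serial; leave it undecoded
    return {"hosts": hosts, "paths": paths, "decoded": decoded}


if __name__ == "__main__":
    result = analyse_dropper_urls(DROPPER_URLS)
    for path, hosts in result["paths"].items():
        when = result["decoded"].get(path)
        print(f"{path} served by {len(hosts)} host(s); serial decodes to {when}")
```

Because the path is a timestamp, the useful indicators here are the three IP addresses (and the `.dat` extension with a numeric stem as a pattern), not the literal URL.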

Targets

    • Target

      Debt-Details-737504944-05132021.xlsm

    • Size

      196KB

    • MD5

      422c09861a2824f055f820602cc50152

    • SHA1

      fb1e3fd57c83499b265561f7a0b0d30c6c4a9c64

    • SHA256

      25a5318acb0bb58d47fffcc5fff63c96f750bce41259970567d061cffc804f9a

    • SHA512

      82ed42f816232cd2813320e95b75abfa07c668d125ea0e5834292e5dc65245e996bc0e6e6586ed41ac9c1d5b00785d908574010fb578d534e6e655e0eaf65c6e

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
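The "unexpected child process" behaviour above is what a process-creation rule in an EDR or SIEM catches. As an added example that is not part of the sandbox report, here is a minimal version of that rule run over constructed Sysmon-style process-creation events (field names follow Sysmon Event ID 1: Image, ParentImage, CommandLine, UtcTime). The events, the allow/deny lists and the function names are assumptions for illustration, not data from this sample's run.

```python
"""Added example, not from the report: flag Office applications spawning
children they normally would not, over constructed Sysmon-like events."""
import ntpath

# Office hosts inside which a macro or exploit would execute.
OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}

# Children Office starts legitimately on a typical workstation.
# Assumption: trim or extend this to what your own estate actually shows.
BENIGN_CHILDREN = {"splwow64.exe", "werfault.exe", "dw20.exe"}

# Interpreters and LOLBins that almost never have a legitimate Office parent.
HIGH_RISK_CHILDREN = {
    "cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe",
    "rundll32.exe", "regsvr32.exe", "certutil.exe", "msiexec.exe",
}


def basename(image: str) -> str:
    """Lower-cased file name of a Windows path (ntpath handles backslashes on any OS)."""
    return ntpath.basename(image).lower()


def check_event(event: dict):
    """Return None for an expected event, else a (severity, reason) tuple."""
    parent, child = basename(event["ParentImage"]), basename(event["Image"])
    if parent not in OFFICE_PARENTS or child in BENIGN_CHILDREN:
        return None
    severity = "high" if child in HIGH_RISK_CHILDREN else "medium"
    return severity, f"{parent} spawned {child}: {event.get('CommandLine', '')}"


def detect(events):
    """Run check_event over a stream of events; return (UtcTime, severity, reason) alerts."""
    alerts = []
    for event in events:
        hit = check_event(event)
        if hit:
            alerts.append((event["UtcTime"], *hit))
    return alerts


# Constructed sample events (not from the sandbox run): one benign Office
# child, one LOLBin child of Excel, one unrelated shell.
OFFICE = r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"
SAMPLE_EVENTS = [
    {"UtcTime": "2021-05-14 00:46:58", "ParentImage": OFFICE,
     "Image": r"C:\Windows\splwow64.exe", "CommandLine": "splwow64.exe"},
    {"UtcTime": "2021-05-14 00:47:01", "ParentImage": OFFICE,
     "Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r"rundll32 C:\Users\Public\x.dat,DllRegisterServer"},
    {"UtcTime": "2021-05-14 00:47:05", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe"},
]

if __name__ == "__main__":
    for when, severity, reason in detect(SAMPLE_EVENTS):
        print(f"[{severity}] {when} {reason}")
```

Any child of an Office process that is neither allow-listed nor a known LOLBin is still reported at medium severity, since the sandbox rule above fires on any unexpected child, not only on the well-known ones.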

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry, T1112 (count 1)

  • Discovery

    Query Registry, T1012 (count 2)

    System Information Discovery, T1082 (count 2)
