Overview

overview

10

Static

static

8

Outfordeli...8.xlsm

windows7_x64

10

Outfordeli...8.xlsm

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Outfordelivery-787848.xlsm

  • Size

    185KB

  • Sample

    210707-1sddayh1ge

  • MD5

    b40a98f99870bf4c224cdc13723036b2

  • SHA1

    a09442b14c9993758f5e3221f087a956a716afa1

  • SHA256

    82575ae0f67ac99e2df780eb524fe05219fae0e3d308308f14d48cdbd5016071

  • SHA512

    0c514d5138104ab3a62d14673cac2af7f6a750d138a517a8c2eff0ff9a3dbe0892dd190659a0bed638ec22e5ef4c6eafd0d005ad95c31547e264887a3935d109

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://thousandsyears.download/div/44376,8555986111.jpg
xlm40.dropper

http://voopeople.fun/div/44376,8555986111.jpg
xlm40.dropper

http://uppercilio.fun/div/44376,8555986111.jpg

Targets

    • Target

      Outfordelivery-787848.xlsm

    • Size

      185KB

    • MD5

      b40a98f99870bf4c224cdc13723036b2

    • SHA1

      a09442b14c9993758f5e3221f087a956a716afa1

    • SHA256

      82575ae0f67ac99e2df780eb524fe05219fae0e3d308308f14d48cdbd5016071

    • SHA512

      0c514d5138104ab3a62d14673cac2af7f6a750d138a517a8c2eff0ff9a3dbe0892dd190659a0bed638ec22e5ef4c6eafd0d005ad95c31547e264887a3935d109

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks