General

  • Target

    5012239853322240.zip

  • Size

    81KB

  • Sample

    210714-z6flt8bjns

  • MD5

    9963bd098265909c79ce5eca8becea4b

  • SHA1

    9b4e1c143328fdf15a01c4ea407759b6052bb36b

  • SHA256

    283354922c7d5016e50c2fa98c702b9f7ffd94010cf519fb22ade851f830202a

  • SHA512

    818e69ef1708e52979fed7d0dd8be0419ad9baac51d66d37bf1cfa114fd80812fca498423aded427465c363ec9a11edb1168883f4d52852fe937aa184c22662e

Score
10/10

Malware Config

Extracted

Language
xlm4.0

Source
xlm40.dropper

URLs

https://carpascapital.com/gBPg8MtsGbv/ka.html

https://gruasphenbogota.com/C74hwGGxi/ka.html

Targets

    • Target

      2c09d3a56963998d19833b6edbdfbc3e58b62a58ca361e0275b81de740d6afdd

    • Size

      87KB

    • MD5

      5862ac9976cba84fe24e72dd6380d330

    • SHA1

      a1605db9c23eeb3f49958447023d9ff85df14b34

    • SHA256

      2c09d3a56963998d19833b6edbdfbc3e58b62a58ca361e0275b81de740d6afdd

    • SHA512

      4e1d2bfbb72c4351046e739155297368600430cb1e891822063983b1aa98b5d4396bbc7673623b71dbbadb1dfbe279864c5cc4e3a4afb06d1d709b1b2493d8f0

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
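The signature above fires on a process tree rather than on file content: an Office host (here Excel, running the xlm4.0 dropper) creating a child it has no legitimate reason to create. The following is an added example, not code from the sandbox vendor, that re-implements that check as a small detection over process-creation events and also matches file hashes against the SHA256 values listed on this page. The event records and the child allow-list are constructed assumptions for the example; the child process name and its command line are illustrative and are not something the report states about this sample.

```python
"""Detect an Office parent spawning an unexpected child, and match a
file against the SHA256 IOCs from this report (added example)."""
import hashlib

# SHA256 values copied from the report: the archive and the extracted dropper.
REPORT_SHA256 = {
    "283354922c7d5016e50c2fa98c702b9f7ffd94010cf519fb22ade851f830202a",
    "2c09d3a56963998d19833b6edbdfbc3e58b62a58ca361e0275b81de740d6afdd",
}

# Office hosts whose child processes deserve scrutiny.
OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe"}

# Children an Office host legitimately spawns (assumption: tune to your
# estate; anything else created by an Office parent is flagged).
BENIGN_CHILDREN = {"splwow64.exe", "werfault.exe"}


def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def unexpected_children(events):
    """Return (parent, child, command_line) for each process-creation event
    in which an Office parent spawns a child outside the allow-list."""
    hits = []
    for ev in events:
        parent = basename(ev.get("ParentImage", ""))
        child = basename(ev.get("Image", ""))
        if parent in OFFICE_PARENTS and child not in BENIGN_CHILDREN:
            hits.append((parent, child, ev.get("CommandLine", "")))
    return hits


def matches_report_ioc(data: bytes) -> bool:
    """True if the SHA256 of data is one of the hashes in the report."""
    return hashlib.sha256(data).hexdigest() in REPORT_SHA256


# Constructed Sysmon Event ID 1 style records; field names follow Sysmon,
# the values are invented for the example and do not come from the sandbox run.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\mshta.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "CommandLine": r"mshta.exe https://example.invalid/ka.html"},
    {"Image": r"C:\Windows\splwow64.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "CommandLine": r"C:\Windows\splwow64.exe 12288"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "notepad.exe"},
]

if __name__ == "__main__":
    for parent, child, cmd in unexpected_children(SAMPLE_EVENTS):
        print(f"ALERT {parent} -> {child}: {cmd}")
    print("IOC match:", matches_report_ioc(b"not the sample"))
```

Only the first record is reported: Excel spawning mshta.exe. The splwow64.exe child is on the allow-list and the notepad.exe event has a non-Office parent. Hash matching is deliberately kept separate, since a re-packed archive changes every hash while the parent/child behaviour that triggered the score does not.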

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • Modify Registry (T1112): 1 event

Discovery

  • Query Registry (T1012): 2 events

  • System Information Discovery (T1082): 2 events
