Overview

overview

10

Static

static

8

Item_posit...5.xlsm

windows7_x64

10

Item_posit...5.xlsm

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Item_positions_receipt_564965.xlsm

  • Size

    83KB

  • Sample

    210720-4agsstdyzx

  • MD5

    69ffd7ea01a030733c49e5af499d2b09

  • SHA1

    74f5eb89a00cc97ee00bc6d05e370c80c94828ee

  • SHA256

    41b7544d4b5ccdda8eea4ac8a7d7204d157301e87a41756cddbf8b451699338c

  • SHA512

    6696d25696de91bece383784553aca123e523fddaf4c512fc495d95130b023f23c2464ccc050d369c2819d5f5b0afe6ed43cb6667d2cf618390b9f44d871c621

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://162.248.225.97/1.php

Targets

    • Target

      Item_positions_receipt_564965.xlsm

    • Size

      83KB

    • MD5

      69ffd7ea01a030733c49e5af499d2b09

    • SHA1

      74f5eb89a00cc97ee00bc6d05e370c80c94828ee

    • SHA256

      41b7544d4b5ccdda8eea4ac8a7d7204d157301e87a41756cddbf8b451699338c

    • SHA512

      6696d25696de91bece383784553aca123e523fddaf4c512fc495d95130b023f23c2464ccc050d369c2819d5f5b0afe6ed43cb6667d2cf618390b9f44d871c621

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks