General

  • Target

    Positions_invoice-103246.xlsm.zip

  • Size

    67KB

  • Sample

    210720-ww4cxkyxa6

  • MD5

    b786a9417765e7e44d69e329ef7d7ae3

  • SHA1

    2b5c3115927762c24fe7e41e425e8bf34b3f512f

  • SHA256

    cffc0806fb0efc64d3c551f790e1e2694f53a768cebd43949d976c0546afc6cd

  • SHA512

    04fbee3340454613e23a85868e066cfe82f5b38efa317cc74d2ab0ea4562fb871f8fdb6ea0689d41e66809badf979e54f3504eecd535a3c28ddbb73cbfc2957e

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    http://162.248.225.97/1.php

Targets

    • Target

      Positions_invoice-103246.xlsm

    • Size

      83KB

    • MD5

      2f02b14db12e5adedb47836517a12821

    • SHA1

      499fd76b033981e9ffc9ff28672c819c49920990

    • SHA256

      bd767a4f421a11cd8cf5376a57a6d805f01cdcab19b0a99c118b171d122e81a1

    • SHA512

      1954d749422059f3b3cffa7a70201a96cda57855a91e9db0fc690562976a8f90b5709df1ea973d24e5aa82d1f25ed5ad27418328da64c7d4442a6ee3010ac5fa

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2
