General

  • Target

    6306148261199872.zip

  • Size

    71KB

  • Sample

    210724-rfb1eylane

  • MD5

    0ba6fae97f4b4e39c748f5e61ad70a8b

  • SHA1

    9d76eec3dc7961f832e597586e54639fb4eb5b46

  • SHA256

    7243cdac9f116075a2b25d45c319825feecee1e851744811dcf6a6cd50acc262

  • SHA512

    d9eb2c9d4c0dc220eae33fc49456e99949e74b431c5cff0efed3f7e14572579ff3508cacbb3ccdb97ddb09dd6c2c860fcca7e813e948b4830cf15ac248dcdbe3

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    http://162.248.227.39/first.php

Targets

    • Target

      6cb9eff2c03a7064a655a6117cb62d4bf8694a6fab10588cac60b0781d60ca4d

    • Size

      85KB

    • MD5

      e05574d2a2b00fc7b9862ad631ce3315

    • SHA1

      b55f7933231453358bd4e0a033a8030595412b60

    • SHA256

      6cb9eff2c03a7064a655a6117cb62d4bf8694a6fab10588cac60b0781d60ca4d

    • SHA512

      065d815ac37c355098345392f4ffe1793317e6cd55640f05229c2f1211b9a0dd0941844e7234a27986f8b6a48cb8de1aa883440c23be91450f6b1da9cb9c1468

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2

Tasks