General

  • Target

    5838152208121856.zip

  • Size

    131KB

  • Sample

    210727-blltept8yn

  • MD5

    302da6fb17c9dabb456ec75ffa3db460

  • SHA1

    04fdc8dc4e9a5b9a547228c37c55343ddd121c97

  • SHA256

    8144e99db9c3d7782ffd9a9faffb1d1821842dbbb907bdb458f2a3ae088648a1

  • SHA512

    b933ff82683bbbeb75daf8c6e9681e34bbbd83bfc9bb58b3ee26291cbab575b4381fde0757a7f0d7b51631ef6536c67cb8035fb131408c814a0c3998dfc34114

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    URLs

  • URLs (family: xlm40.dropper)

    https://phacdochuabenh.com/jJTYkIFPp6x/yy.html

    https://mobilesmsmarketing.online/1knoj4Bd3F0/yy.html
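The two dropper URLs above are the actionable network indicators from this report. The following is an added example (not part of the sandbox output) that turns them into a small matcher and runs it over a few constructed, squid-style proxy log lines. It matches on three tiers, exact URL, exact host, and subdomain of a listed host, while ignoring scheme, port and host case, and it does not match look-alike hosts that merely end with the same characters. The log lines and client addresses are invented for the demonstration.

```python
"""IOC matching for the dropper URLs in the extracted config.

Added example: the two URLs come from the report; every proxy log line below
is constructed for the demo and does not describe real traffic.
"""
from urllib.parse import urlsplit

# URLs taken verbatim from the report's extracted config (xlm40.dropper).
DROPPER_URLS = [
    "https://phacdochuabenh.com/jJTYkIFPp6x/yy.html",
    "https://mobilesmsmarketing.online/1knoj4Bd3F0/yy.html",
]

# Constructed squid-style lines: epoch time, client IP, method, URL, HTTP status.
SAMPLE_PROXY_LOG = """\
1627380001.123 10.0.0.15 GET https://www.example.com/index.html 200
1627380002.456 10.0.0.23 GET https://phacdochuabenh.com/jJTYkIFPp6x/yy.html 200
1627380003.789 10.0.0.23 GET https://PHACDOCHUABENH.COM/other/path.php 404
1627380004.012 10.0.0.41 GET http://mobilesmsmarketing.online:80/1knoj4Bd3F0/yy.html 200
1627380005.345 10.0.0.41 GET https://notmobilesmsmarketing.online/x 200
1627380006.678 10.0.0.52 GET https://cdn.mobilesmsmarketing.online/a.js 200
"""


def normalize(url):
    """Return (host, path): host lower-cased with port stripped, scheme ignored.

    Path case is kept as-is because most web servers treat it as significant.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = parts.path or "/"
    return host, path


IOC_URLS = {normalize(u) for u in DROPPER_URLS}
IOC_HOSTS = {host for host, _ in IOC_URLS}


def classify(url):
    """Classify a URL as 'url', 'host', 'subdomain' or None (no IOC match)."""
    host, path = normalize(url)
    if (host, path) in IOC_URLS:
        return "url"
    if host in IOC_HOSTS:
        return "host"
    # Suffix match requires the dot so 'notmobilesmsmarketing.online' is not a hit.
    for ioc_host in IOC_HOSTS:
        if host.endswith("." + ioc_host):
            return "subdomain"
    return None


def scan_proxy_log(text):
    """Return one hit record per log line whose URL matches an IOC tier."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed or truncated line, skip rather than crash
        _ts, client, _method, url, _status = fields[:5]
        kind = classify(url)
        if kind:
            hits.append({"client": client, "url": url, "match": kind})
    return hits


if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(f"{hit['match']:9} {hit['client']:10} {hit['url']}")
```

The host-level tier matters more than the exact URL here: the path components in both dropper URLs look randomly generated, so a campaign can rotate them while keeping the same hosts.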

Targets

    • Target

      analysis-1808712384.xlsb

    • Size

      142KB

    • MD5

      e9d54291f481858ce92cfa7542db7e15

    • SHA1

      19685ad8b987846231c1615aa2f90d74ecb1f7f4

    • SHA256

      8d076c43b33231edb93313f5a0e311492b4c2d51888d6a6b6a42ad535f1be2d6

    • SHA512

      559917816900aedbc9973daa529975d19db2558d74ab30102aeecf23ece4efa0263f49fdaf5f9460d0baadc38f11c5a3c8eeb1af0570e2a85be97df32e505179

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
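The signature above fires on parent/child process relationships rather than on file content, which is why it survives re-obfuscation of the macro. The following is an added example, not the sandbox's own detection code, showing the shape of that logic over constructed Sysmon-style process-creation records. The assumption here is that the parent of interest is an Office application (the target is an .xlsb with an Excel 4.0 macro config, though this report section does not print the process tree); the lists of expected children and of LOLBin children are a baseline to tune per fleet, and the sample events are invented test data, not this sample's observed behaviour.

```python
"""Detection: Office application spawned an unexpected child process.

Added example, not the sandbox's signature implementation. The event records
below are constructed Sysmon-style process-creation data for the demo.
"""
import ntpath

# Parent processes whose children we scrutinise (assumed baseline).
OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}

# Children an Office app commonly spawns legitimately (assumed baseline; tune per fleet).
# Office apps launching each other (Outlook -> Word) is also normal.
EXPECTED_CHILDREN = {"splwow64.exe", "dw20.exe", "dwwin.exe", "werfault.exe"} | OFFICE_PARENTS

# Interpreters and LOLBins that are almost never launched by Office for benign reasons.
LOLBIN_CHILDREN = {
    "cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "regsvr32.exe", "rundll32.exe", "certutil.exe", "msiexec.exe",
}

# Constructed process-creation events (Sysmon Event ID 1 style field names).
SAMPLE_EVENTS = [
    {"ts": "2021-07-27T10:00:01Z", "host": "WS01",
     "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "CommandLine": r'"EXCEL.EXE" C:\Users\alice\Downloads\invoice.xlsb'},
    {"ts": "2021-07-27T10:00:05Z", "host": "WS01",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "Image": r"C:\Windows\splwow64.exe",
     "CommandLine": "splwow64.exe 12288"},
    {"ts": "2021-07-27T10:00:09Z", "host": "WS01",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "Image": r"C:\Windows\System32\regsvr32.exe",
     "CommandLine": r"regsvr32.exe /s C:\Users\Public\stage.dll"},
    {"ts": "2021-07-27T10:02:30Z", "host": "WS02",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Users\bob\AppData\Local\Temp\updater.exe",
     "CommandLine": "updater.exe"},
    {"ts": "2021-07-27T10:03:00Z", "host": "WS03",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "Image": r"C:\Windows\System32\whoami.exe",
     "CommandLine": "whoami"},
]


def image_name(path):
    """Lower-cased file name of a Windows image path, portable via ntpath."""
    return ntpath.basename(path).lower()


def classify_child(parent_path, child_path):
    """Return 'high', 'medium' or None for a parent/child pair."""
    parent = image_name(parent_path)
    child = image_name(child_path)
    if parent not in OFFICE_PARENTS:
        return None          # only Office parents are in scope for this rule
    if child in EXPECTED_CHILDREN:
        return None          # known-benign helper or another Office app
    if child in LOLBIN_CHILDREN:
        return "high"        # script host / LOLBin: classic macro or exploit payload
    return "medium"          # anything else is still unexpected, just less conclusive


def detect(events):
    """Run the rule over process-creation records and return ordered hits."""
    hits = []
    for ev in events:
        severity = classify_child(ev["ParentImage"], ev["Image"])
        if severity:
            hits.append({
                "ts": ev["ts"], "host": ev["host"],
                "parent": image_name(ev["ParentImage"]),
                "child": image_name(ev["Image"]),
                "cmdline": ev["CommandLine"], "severity": severity,
            })
    return hits


if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print(f"[{hit['severity']:6}] {hit['host']} {hit['parent']} -> {hit['child']}: {hit['cmdline']}")
```

Keying on the child's image name is enough for triage, but a production rule should also consider the parent's command line (the document path) and the child's signer, since an attacker can rename a dropped binary to dodge the LOLBin list while still landing in the medium tier.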

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2

Tasks