General

  • Target

    Purchase confirmation-6232.xlsm

  • Size

    186KB

  • Sample

    210727-la7sa677e2

  • MD5

    0c85b4bdd02961753b9a14cd9a75e945

  • SHA1

    bbe0003a47b518f0ccc0d55c83328225b6b46b19

  • SHA256

    32e52d829bbde235d7d00c6c1752f7ee5114de97eee59b22957d0adfab84c9e9

  • SHA512

    8eb9b5d868c9b907433e7422c2929b819fdfacc70c5eaa05cfadc2cb92c3a52699f95751af35b7936d42c98ec3075b0b9d94ab97533526218a4e14a6ef30e9cc

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://feedbackdownload.download/44389,7571259259.jpg

Targets

    • Target

      Purchase confirmation-6232.xlsm

    • Size

      186KB

    • MD5

      0c85b4bdd02961753b9a14cd9a75e945

    • SHA1

      bbe0003a47b518f0ccc0d55c83328225b6b46b19

    • SHA256

      32e52d829bbde235d7d00c6c1752f7ee5114de97eee59b22957d0adfab84c9e9

    • SHA512

      8eb9b5d868c9b907433e7422c2929b819fdfacc70c5eaa05cfadc2cb92c3a52699f95751af35b7936d42c98ec3075b0b9d94ab97533526218a4e14a6ef30e9cc

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Modify Registry

1
T1112

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Tasks