cancel_sub_VCP1234567890123.xlsb

General
Target

cancel_sub_VCP1234567890123.xlsb

Size

123KB

Sample

210802-3asm5re99x

Score

10/10
MD5

9e1ee4a42c381eabcf2cde38a1aae7c9

SHA1

015bb306d9e54001d433b3ac2e7212b864f54ae2

SHA256

fd71a2fcc0b5dd0fb0dbff257839b67749f2cadf30e2d3dae7f0e941d93d24d3

SHA512

d8955c76657c68542ebcd1fc0b14b69917976892a2005ff0fcace3754200d52c4557235e083b76f4115cc940281dbe77a8e390e8bd18fbe9d5cdb128191580ec

Malware Config

Extracted

Language xlm4.0
Source
Targets
Target

cancel_sub_VCP1234567890123.xlsb

Signatures

  • Process spawned unexpected child process

    Description

    This typically indicates the parent process was compromised via an exploit or macro.

  • Executes dropped EXE

  • Loads dropped DLL

Tasks

static1

8/10

behavioral1

10/10

behavioral2

10/10