Resubmissions

Date               Sample               Score
15-09-2021 07:46   210915-jlxz6aabc4    10
23-03-2021 09:00   210323-waq4q3z2jn    10

General

  • Target

    document-1234094685.xlsm_C6E30F8F22BD9353C382AF5600DA8D38.zip

  • Size

    71KB

  • Sample

    210915-jlxz6aabc4

  • MD5

    73544aa6b20d924f0f2985e867b6260c

  • SHA1

    63ef1ee1b0fab005e7d47953b780668909d987b2

  • SHA256

    eb99e9650328d5065fc988c71d1a92aa5417a25608eb5df0d8b2a974df23b613

  • SHA512

    6615473e5c069120483a98f236c196f1fd286042e97a9dc533dcea50a0ca7e24e366aaee4fd3882096cf3052db1e262d6eaaef704a9894b7a93da91a0ef848a9

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    http://rcwj22jxyvt03swnlt.xyz/grays.gif

Targets

    • Target

      document-1234094685.xlsm

    • Size

      81KB

    • MD5

      c6e30f8f22bd9353c382af5600da8d38

    • SHA1

      72227aab4820c4a56dfbd792a09935c5fbe4667a

    • SHA256

      7473478f6e6d7192b8d42b89b81a9d85386754861dce79f4688390b3400555c8

    • SHA512

      a42951d343cd71bb80f07eacce1eb0efcd118226c60464487d23fd2bbde7987aeb900fe021dea74f72e1e9c55efcc863310abce44fbfd1a7f71887aa78a940d5

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix ATT&CK v6

Discovery

  • Query Registry (T1012): 2

  • System Information Discovery (T1082): 2

Tasks