ad89e9db50db436f299e047bb5ecd3646f5fc625e14a676c84dcf5a59c3a5195

General

Target

Claim-201194937-09242021.xls
Size

409KB
Sample

210926-xa8jeafcc2
MD5

26ac2279ab58df05f8b2cadaabd01f63
SHA1

35461492837533325059ed6d450b2e5442116c63
SHA256

ad89e9db50db436f299e047bb5ecd3646f5fc625e14a676c84dcf5a59c3a5195
SHA512

7e5e988d5fcbd8a8649f5e25c0b23e029aca1fddf848b2f01ed099f147555fde13fa8273c2a409393549604738ea17a7631a35ed12cd55249753c8bb5b76ca25

Score

10^/10

macro macro_on_action

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://179.43.152.158/44465.8614204861.dat

xlm40.dropper

http://185.183.96.206/44465.8614204861.dat

xlm40.dropper

http://94.140.114.130/44465.8614204861.dat

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://179.43.152.158/44465.7781306713.dat

xlm40.dropper

http://185.183.96.206/44465.7781306713.dat

xlm40.dropper

http://94.140.114.130/44465.7781306713.dat

Targets

- Target
  
  Claim-201194937-09242021.xls
- Size
  
  409KB
- MD5
  
  26ac2279ab58df05f8b2cadaabd01f63
- SHA1
  
  35461492837533325059ed6d450b2e5442116c63
- SHA256
  
  ad89e9db50db436f299e047bb5ecd3646f5fc625e14a676c84dcf5a59c3a5195
- SHA512
  
  7e5e988d5fcbd8a8649f5e25c0b23e029aca1fddf848b2f01ed099f147555fde13fa8273c2a409393549604738ea17a7631a35ed12cd55249753c8bb5b76ca25
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Process spawned unexpected child process

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2