Overview

overview

10

Static

static

8

Payment-YSSZ.xlsb

windows7_x64

10

Payment-YSSZ.xlsb

windows10_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Payment-YSSZ.xlsb

  • Size

    255KB

  • Sample

    211013-q6x9zseahk

  • MD5

    bbce21ac6ad66c8294621556da70e895

  • SHA1

    29ced0cde6a261484013bbc392c230d430eeda47

  • SHA256

    b50bc2740da1618a1c0ac3cedffe35a499e0fcf700214736241cf736897fd94a

  • SHA512

    f3c547c7f4e523845df876d34eaefc682c5483c7ae45a5aa0851b93dd6480df265a27ef8ac867e6c641dc6a27ede03eac1891c853460fa875b4c6c11f1ac3aa3

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      Payment-YSSZ.xlsb

    • Size

      255KB

    • MD5

      bbce21ac6ad66c8294621556da70e895

    • SHA1

      29ced0cde6a261484013bbc392c230d430eeda47

    • SHA256

      b50bc2740da1618a1c0ac3cedffe35a499e0fcf700214736241cf736897fd94a

    • SHA512

      f3c547c7f4e523845df876d34eaefc682c5483c7ae45a5aa0851b93dd6480df265a27ef8ac867e6c641dc6a27ede03eac1891c853460fa875b4c6c11f1ac3aa3

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks