General

  • Target

    PRMS_822004851.zip

  • Size

    89KB

  • Sample

    211014-fne1ksgahl

  • MD5

    d1900635575b55cec4bd6d65f76933a3

  • SHA1

    d581aabf5e91d6b28fcaac1ea0f4f00407626d18

  • SHA256

    aab608f07f33eb9a5c6e673b32cfdccaf8034842dd607b51f9ddc3556be04fc0

  • SHA512

    149b9ae4175b6e751d0aebaf520f114489fea19adc67f5c2922c8b88b6ccae09df850acf96aca114d5c533345b192365a485113d784b26bd67aa54e40bc7171c

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • URLs (source: xlm40.dropper)

    http://190.14.37.220/44483.2933152778.dat
    http://23.106.125.233/44483.2933152778.dat
    http://178.23.190.199/44483.2933152778.dat

Extracted

  • Language

    xlm4.0

  • URLs (source: xlm40.dropper)

    http://190.14.37.220/44483.2101575231.dat
    http://23.106.125.233/44483.2101575231.dat
    http://178.23.190.199/44483.2101575231.dat
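The two extracted configs differ only in the second number of the filename, while the same three hosts appear in both. The following is an added example (not part of the sandbox report, and not the dropper's own code) that pivots those six URLs into reusable indicators: it splits each URL into host, path prefix and payload id, checks whether every host mirrors every payload, and emits a Suricata rule for the URI shape. Two points are assumptions of the example rather than statements of the report: the Suricata rule's msg text, sid and classtype are arbitrary choices, and the conversion of the shared prefix 44483 as an Excel date serial is only an arithmetic observation (it happens to equal 2021-10-14, the date in the sample id), not a claim about how the macro built the URL.

```python
import re
from datetime import date, timedelta
from urllib.parse import urlparse

# The six URLs recovered from the two extracted xlm4.0 configs above.
EXTRACTED_URLS = [
    "http://190.14.37.220/44483.2933152778.dat",
    "http://23.106.125.233/44483.2933152778.dat",
    "http://178.23.190.199/44483.2933152778.dat",
    "http://190.14.37.220/44483.2101575231.dat",
    "http://23.106.125.233/44483.2101575231.dat",
    "http://178.23.190.199/44483.2101575231.dat",
]

# Path shape shared by every URL: /<prefix>.<payload_id>.dat
PATH_RE = re.compile(r"^/(?P<prefix>\d+)\.(?P<payload_id>\d+)\.dat$")


def parse_dropper_url(url):
    """Split one dropper URL into host, path, prefix and payload id.

    Returns None when the URL does not follow the observed pattern, so the
    caller never silently treats unrelated URLs as indicators.
    """
    parts = urlparse(url)
    m = PATH_RE.match(parts.path)
    if parts.scheme != "http" or not parts.hostname or m is None:
        return None
    return {
        "host": parts.hostname,
        "path": parts.path,
        "prefix": m.group("prefix"),
        "payload_id": m.group("payload_id"),
    }


def summarize_infrastructure(urls):
    """Pivot the URL list into hosts, payload ids and a host/payload matrix."""
    hosts_by_payload = {}
    prefixes = set()
    for url in urls:
        ioc = parse_dropper_url(url)
        if ioc is None:
            continue
        prefixes.add(ioc["prefix"])
        hosts_by_payload.setdefault(ioc["payload_id"], set()).add(ioc["host"])
    hosts = sorted(set().union(*hosts_by_payload.values())) if hosts_by_payload else []
    # Every payload served by every host means the IPs are interchangeable
    # mirrors, so blocking one host alone buys nothing.
    fully_mirrored = all(hosts_by_payload[p] == set(hosts) for p in hosts_by_payload)
    return {
        "hosts": hosts,
        "payload_ids": sorted(hosts_by_payload),
        "prefixes": sorted(prefixes),
        "fully_mirrored": fully_mirrored,
    }


def excel_serial_to_iso(serial):
    """Convert an Excel 1900-system date serial (> 60) to an ISO date string.

    Excel's day 1 is 1900-01-01 and it wrongly treats 1900 as a leap year,
    so for serials after 1900-02-28 the effective origin is 1899-12-30.
    """
    return (date(1899, 12, 30) + timedelta(days=serial)).isoformat()


def suricata_rule(prefix, sid):
    """Build a Suricata HTTP rule matching the observed URI shape.

    The http.uri sticky buffer and pcre keyword are Suricata syntax; the
    msg text, sid and classtype are this example's own (assumed) choices.
    """
    pcre = r"/^\/" + re.escape(prefix) + r"\.\d+\.dat$/"
    return (
        'alert http $HOME_NET any -> $EXTERNAL_NET any ('
        'msg:"XLM4 dropper payload fetch"; flow:established,to_server; '
        'http.uri; pcre:"%s"; classtype:trojan-activity; sid:%d; rev:1;)'
        % (pcre, sid)
    )


if __name__ == "__main__":
    summary = summarize_infrastructure(EXTRACTED_URLS)
    print(summary)
    for prefix in summary["prefixes"]:
        print(prefix, "as an Excel date serial =", excel_serial_to_iso(int(prefix)))
    print(suricata_rule(summary["prefixes"][0], 1000001))
```

The host list and the `fully_mirrored` flag are what you would feed a blocklist; the pcre rule catches the next payload id on the same path scheme, which a plain URL blocklist would miss.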

Targets

    • Target

      PRMS_822004851.xls

    • Size

      134KB

    • MD5

      0fabeef31b401b43f6dad8a373d55d4a

    • SHA1

      f42f36c2fbf269bba7db101991e1a5be2c185b64

    • SHA256

      4ff4e135e3c8f23427763b635c0b38e3d7a4957e8ded530bbc1ded32c156c4c4

    • SHA512

      69ee8d329595ae8630543a9cc4ecc82e1152b9816db02df8b2794fb786b0992f4d52250dfb9f56b93f6cbdbdc7068433dbbc45869bcd86aab1a0b02e5a1dbc85

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
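The signature above fires on the shape of the process tree rather than on any particular payload. The following is an added example (not the sandbox's own signature code) of the same rule over process-creation events: any child of an Office host is suspicious unless it is in a small allowlist, and well-known living-off-the-land binaries are rated higher. The parent/child name lists and the sample events are constructed for the example; the report does not show which child process this sample spawned.

```python
import ntpath

# Office hosts whose children deserve scrutiny (assumed list for this example).
OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe", "msaccess.exe"}

# Children Office legitimately spawns during normal use (printing, crash
# reporting). An assumed allowlist; tune it to your own baseline.
EXPECTED_CHILDREN = {"splwow64.exe", "werfault.exe", "dwwin.exe"}

# Children that almost always mean macro or exploit code is running.
LOLBIN_CHILDREN = {
    "cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe",
    "rundll32.exe", "regsvr32.exe", "certutil.exe", "msiexec.exe",
}


def basename(image_path):
    """Lower-cased image name from a Windows path, e.g. EXCEL.EXE -> excel.exe."""
    return ntpath.basename(image_path).lower()


def classify_child(parent_image, child_image):
    """Return None when the spawn is uninteresting, else a severity label."""
    parent = basename(parent_image)
    child = basename(child_image)
    if parent not in OFFICE_PARENTS or child in EXPECTED_CHILDREN:
        return None
    return "high" if child in LOLBIN_CHILDREN else "medium"


def find_unexpected_children(events):
    """Run the rule over process-creation events and return one alert per hit.

    Each event carries the parent image, the child image and the child's
    command line, as a sandbox or Sysmon Event ID 1 would provide.
    """
    alerts = []
    for ev in events:
        severity = classify_child(ev["parent_image"], ev["image"])
        if severity is None:
            continue
        alerts.append({
            "severity": severity,
            "parent": basename(ev["parent_image"]),
            "child": basename(ev["image"]),
            "cmdline": ev["cmdline"],
        })
    return alerts


# Constructed sample events for the example, not output from this report's task.
SAMPLE_EVENTS = [
    {"parent_image": r"C:\Program Files\Microsoft Office\Office16\EXCEL.EXE",
     "image": r"C:\Windows\System32\regsvr32.exe",
     "cmdline": r"regsvr32.exe -s C:\Users\user\AppData\Local\Temp\x.dll"},
    {"parent_image": r"C:\Program Files\Microsoft Office\Office16\EXCEL.EXE",
     "image": r"C:\Windows\splwow64.exe",
     "cmdline": r"C:\Windows\splwow64.exe 12288"},
    {"parent_image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": r"rundll32.exe shell32.dll,Control_RunDLL"},
    {"parent_image": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": r"notepad.exe C:\Users\user\Desktop\notes.txt"},
]

if __name__ == "__main__":
    for alert in find_unexpected_children(SAMPLE_EVENTS):
        print(alert)
```

Only the two Office-parented, non-allowlisted spawns produce alerts; the rundll32 launch is ignored because its parent is a browser, which is exactly the distinction the sandbox signature relies on.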

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic             Technique                      Count   ID
  Defense Evasion    Modify Registry                1       T1112
  Discovery          Query Registry                 2       T1012
  Discovery          System Information Discovery   2       T1082

Tasks