General

  • Target

    MV_TBN_VSL_PARTLS.xlsm

  • Size

    144KB

  • Sample

    211021-p5g1yaacg2

  • MD5

    c76da7df89d423cd538fd71870b4802a

  • SHA1

    de839678680efd2553571f5fcbac0641a6899f3b

  • SHA256

    98a76f0a67003483f167a270a6deb91bb10503f2b3482077efa09f11717faf7f

  • SHA512

    adb8e873e10073d7df196be323e011eb9a0b41fb28f444bbf5ce56f6416dde5b3e849d5ae64e0ec75eebeea69756b1805d2c06430d7943ffbbc1f46b64092474

Score
10/10

Malware Config

  Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (exe.dropper)

    http://3.64.251.139/vr/r/Az4P9gzPgEuPau5wQ3nh.exe

Targets

    • Target

      MV_TBN_VSL_PARTLS.xlsm

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Deletes itself

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2
