Overview

overview

10

Static

static

8

ReadMe(202...).xlsb

windows7_x64

10

ReadMe(202...).xlsb

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ReadMe(2021.10.20_22-42).xlsb

  • Size

    303KB

  • Sample

    211022-t6jndacgdl

  • MD5

    ad0243d00772cc88c6de8e6d7107d1be

  • SHA1

    e0aae2993486fda0d07555e13a8b20885c2bf7b6

  • SHA256

    2cd289033bd19bf0bdb229b8cc98a496d80eac284c54c60a04c48352fb5eaac6

  • SHA512

    7425af59827a9482d14ea468ce323dc910c6725aa8fcc2a02489bbc83475df10a73806238442bc9e54d76f16a3c81a6438e14363220a9bfdf005134c0670d296

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://94.140.112.183

Targets

    • Target

      ReadMe(2021.10.20_22-42).xlsb

    • Size

      303KB

    • MD5

      ad0243d00772cc88c6de8e6d7107d1be

    • SHA1

      e0aae2993486fda0d07555e13a8b20885c2bf7b6

    • SHA256

      2cd289033bd19bf0bdb229b8cc98a496d80eac284c54c60a04c48352fb5eaac6

    • SHA512

      7425af59827a9482d14ea468ce323dc910c6725aa8fcc2a02489bbc83475df10a73806238442bc9e54d76f16a3c81a6438e14363220a9bfdf005134c0670d296

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks