Overview

overview

10

Static

static

8

053bb9b909...9.xlsm

windows7_x64

10

053bb9b909...9.xlsm

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    053bb9b9096198d542ba99d4aa0148e9af3797c17d2b874f406bf9d35749d809

  • Size

    110KB

  • Sample

    220118-bcm5lafbfj

  • MD5

    fdba23f96e2a3337048fbd1f116ac128

  • SHA1

    b9599026ed63f455d2cda18ec8dff202170be381

  • SHA256

    053bb9b9096198d542ba99d4aa0148e9af3797c17d2b874f406bf9d35749d809

  • SHA512

    82a691f0c5abaa2a9b56c800b9d405c155e6f5c6cfa80f1f39028ff8ce7e8239ee39cef06686b855c3173c8b4d034a55901280bfb0489e2bfdbebef153a89aa6

Score
10/10
macroxlm

Malware Config

Extracted

Language
hta
Source
URLs
hta.dropper

http://0056.0151.0121.0114/c.html

Targets

    • Target

      053bb9b9096198d542ba99d4aa0148e9af3797c17d2b874f406bf9d35749d809

    • Size

      110KB

    • MD5

      fdba23f96e2a3337048fbd1f116ac128

    • SHA1

      b9599026ed63f455d2cda18ec8dff202170be381

    • SHA256

      053bb9b9096198d542ba99d4aa0148e9af3797c17d2b874f406bf9d35749d809

    • SHA512

      82a691f0c5abaa2a9b56c800b9d405c155e6f5c6cfa80f1f39028ff8ce7e8239ee39cef06686b855c3173c8b4d034a55901280bfb0489e2bfdbebef153a89aa6

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks