Resubmissions

24-02-2022 04:28    220224-e3pb5abhc5    score 10/10

23-01-2022 09:27    220123-le9rgsfgek    score 10/10

18-01-2022 06:23    220118-g5rw5sabcj    score 10/10

General

  • Target

    AT565.xlsm

  • Size

    110KB

  • Sample

    220118-g5rw5sabcj

  • MD5

    a1f20adb77868064a50bf9bc57f083e8

  • SHA1

    f016542608ddadb035c27ea0e8384dee30c72f51

  • SHA256

    c376ffe4c231464c947bc77a323936d8eb64d85bcd1ddcd33bcc161dae53ef15

  • SHA512

    8be3e16a5ed738328db940de7dce129cf7dbdfbefb3b1baa2d15d1c971fd9613bc5047aaea5bd13f6f74b9dff2f6b89c4c033e9a5d934781b9673bd6ff3b9180

Score
10/10

Malware Config

Extracted

Language
hta
Source
URLs
hta.dropper

http://0056.0151.0121.0114/c.html

(The host is not a domain name but an IPv4 literal written as four zero-padded octal octets; it decodes to 46.105.81.76. Indicator lists that store only the dotted-decimal form will not match the URL as it appears in the dropper.)
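Browsers and most HTTP client libraries parse host literals with inet_aton()/inet_addr() rules, which accept octal, hexadecimal, plain 32-bit integer and short-form addresses, so the octal URL above fetches from 46.105.81.76 unchanged while a string match against "46.105.81.76" misses it. The Python below is an added example, not part of the sandbox report or its tooling: it normalises inet_aton-style literals to dotted-decimal before indicator matching. Only the octal URL comes from the report; the hexadecimal and integer variants in the block are constructed to show the other forms of the same address.

```python
"""Normalise obfuscated IPv4 host literals found in dropper URLs.

Added example, not code from the sandbox report. Implements the inet_aton()
parsing rules explicitly (socket.inet_aton() on Linux accepts the same forms,
but behaviour differs across platforms, so the rules are spelled out here).
"""
import re
from urllib.parse import urlsplit, urlunsplit


def _parse_part(part: str) -> int:
    """Parse one component with inet_aton rules: 0x.. hex, 0.. octal, else decimal."""
    if not part:
        raise ValueError("empty component")
    if part[:2].lower() == "0x":
        return int(part[2:], 16) if part[2:] else 0  # a bare "0x" is 0 in inet_aton
    if len(part) > 1 and part[0] == "0":
        return int(part, 8)  # "08" raises ValueError, as inet_aton rejects it too
    return int(part, 10)


def inet_aton_like(host: str) -> str:
    """Return the canonical dotted-decimal form of an inet_aton()-style literal.

    Accepts 1 to 4 components. With fewer than 4, the last component fills the
    remaining low-order bytes (a.b.c -> a.b.(c>>8).(c&0xff), a -> 32-bit value).
    Raises ValueError when the literal is not an IPv4 address.
    """
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        raise ValueError(f"not an IPv4 literal: {host!r}")
    try:
        values = [_parse_part(p) for p in parts]
    except ValueError:
        raise ValueError(f"not an IPv4 literal: {host!r}") from None
    head, last = values[:-1], values[-1]
    if any(v > 0xFF for v in head):  # leading components are single bytes
        raise ValueError(f"not an IPv4 literal: {host!r}")
    last_bits = 8 * (4 - len(head))  # the last component covers the rest
    if last >= 1 << last_bits:
        raise ValueError(f"not an IPv4 literal: {host!r}")
    addr = 0
    for v in head:
        addr = (addr << 8) | v
    addr = (addr << last_bits) | last
    return ".".join(str((addr >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def normalise_url(url: str) -> str:
    """Rewrite the host of a URL to dotted-decimal if it is an IPv4 literal.

    Hostnames that are not numeric literals (e.g. example.com) are returned
    unchanged, as is anything inet_aton would reject.
    """
    parts = urlsplit(url)
    host = parts.hostname  # already lower-cased by urlsplit
    if host is None or not re.fullmatch(r"[0-9a-fx.]+", host):
        return url
    try:
        canon = inet_aton_like(host)
    except ValueError:
        return url
    netloc = canon if parts.port is None else f"{canon}:{parts.port}"
    return urlunsplit((parts.scheme, netloc, parts.path, parts.query, parts.fragment))


if __name__ == "__main__":
    samples = (
        "http://0056.0151.0121.0114/c.html",  # from the extracted config
        "http://0x2e.0x69.0x51.0x4c/c.html",  # constructed: hex octets
        "http://778654028/c.html",            # constructed: one 32-bit integer
        "http://46.6902092/c.html",           # constructed: short form
        "http://example.com/c.html",          # constructed: not a literal
    )
    for u in samples:
        print(f"{u:40} -> {normalise_url(u)}")
```

Run the normaliser over every URL before comparing against a blocklist, and store indicators in the canonical form; the alternative, adding every encoding of each address to the list, does not scale because the number of mixed-radix spellings of one address is large.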

Targets

    • Target

      AT565.xlsm

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro. Here the parent is the Office process that opened the macro-enabled workbook AT565.xlsm; the child it launched is recorded in the individual task reports, not in this summary.

    • Blocklisted process makes network request

      A process on the sandbox's blocklist made an outbound connection. Taken together with the extracted hta.dropper URL, this matches the expected chain: macro runs, spawns a child process, and that process fetches c.html from the octal-encoded host.

MITRE ATT&CK Enterprise v6

Tasks