8e586a928eecac9fa5b4dd6980915389f0092c6ec968ffe90dc4ccf3504ae578.xlsm

General

Target: 8e586a928eecac9fa5b4dd6980915389f0092c6ec968ffe90dc4ccf3504ae578.xlsm
Size: 48KB
Sample: 220314-y191labhh9
Score: 10/10
MD5: 1655267f2eef17c7bea81ee6cf65fbf9
SHA1: dd062a715bd8eee2b8b4d30e6786e5b108b63c1a
SHA256: 8e586a928eecac9fa5b4dd6980915389f0092c6ec968ffe90dc4ccf3504ae578
SHA512: 3b0f05743a81756ef75e8da15e393f40365c71d7e986141bfb467acd8a232581cc5bd01953ed61b6129652ebd9517b1282f01fbbe2e808aa70dc3c906bbb726d

Malware Config

Extracted

Language: xlm4.0
Source: URLs (xlm40.dropper)


Signatures

  • Process spawned unexpected child process
    Description: This typically indicates the parent process was compromised via an exploit or macro.

  • Downloads MZ/PE file

Tasks

static1: 8/10
behavioral1: 10/10
behavioral2: 10/10