General

  • Target

    5bd66ab2a24a23d80d2f2a03965df7ce8a2de1f0ca1922d0846a006d96508642

  • Size

    357KB

  • Sample

    220329-reb34sefa8

  • MD5

    56da90d2ce439a52f58bc425ec9ff8cb

  • SHA1

    be5735ab106498b2bc663cf62b8a1298b66f2f1d

  • SHA256

    5bd66ab2a24a23d80d2f2a03965df7ce8a2de1f0ca1922d0846a006d96508642

  • SHA512

    a7c2e735b0bb564dc1338d6027cb4551047418a6f1dd76bc2ff07c6e82c31396e003005bdb0ac19b2d99101f269f3fd96154f91814b1a23256da001445e7980f

Score
10/10

Malware Config

Extracted

Language: xlm4.0
Source: xlm40.dropper
URLs:

http://bemojo.com/ds/161120.gif

Targets

    • Target

      5bd66ab2a24a23d80d2f2a03965df7ce8a2de1f0ca1922d0846a006d96508642

    • Size

      357KB

    • MD5

      56da90d2ce439a52f58bc425ec9ff8cb

    • SHA1

      be5735ab106498b2bc663cf62b8a1298b66f2f1d

    • SHA256

      5bd66ab2a24a23d80d2f2a03965df7ce8a2de1f0ca1922d0846a006d96508642

    • SHA512

      a7c2e735b0bb564dc1338d6027cb4551047418a6f1dd76bc2ff07c6e82c31396e003005bdb0ac19b2d99101f269f3fd96154f91814b1a23256da001445e7980f

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • Modify Registry (T1112): 1

Discovery

  • Query Registry (T1012): 2

  • System Information Discovery (T1082): 2

Tasks