Overview

overview

10

Static

static

8

2022-05-21...ed.xls

windows7_x64

10

2022-05-21...ed.xls

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2022-05-21-b8f3a5f97651057dbc10bb483d8eb117_unzipped.bin

  • Size

    67KB

  • Sample

    220520-2ajx9saahq

  • MD5

    b8f3a5f97651057dbc10bb483d8eb117

  • SHA1

    2cec411ff6d32fd71dffc0e72e06d426e16d06e0

  • SHA256

    96031cc46b229cfb0baef38d56208412f45d0ec56a7f370fbe050894237f3009

  • SHA512

    cb953dbaf95fa7a3f6d47fab06db214e46fff67075b99ac7d16a46d674371279434041d64bf945d5c9438fd12b359e5f2293ec17254ced9acdc8c63c61024b83

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://www.clasite.com/blogs/IEEsyn/
xlm40.dropper

https://oncrete-egy.com/wp-content/V6Igzw8/
xlm40.dropper

http://opencart-destek.com/catalog/OqHwQ8xlWa5Goyo/
xlm40.dropper

http://www.pjesacac.com/components/O93XXhMN3tOtTlV/

Targets

    • Target

      2022-05-21-b8f3a5f97651057dbc10bb483d8eb117_unzipped.bin

    • Size

      67KB

    • MD5

      b8f3a5f97651057dbc10bb483d8eb117

    • SHA1

      2cec411ff6d32fd71dffc0e72e06d426e16d06e0

    • SHA256

      96031cc46b229cfb0baef38d56208412f45d0ec56a7f370fbe050894237f3009

    • SHA512

      cb953dbaf95fa7a3f6d47fab06db214e46fff67075b99ac7d16a46d674371279434041d64bf945d5c9438fd12b359e5f2293ec17254ced9acdc8c63c61024b83

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks