General

  • Target

    3d9a29a08e96a288773150a0d8e296123e360512b24894ba65a52dd71427f384

  • Size

    84KB

  • Sample

    220521-m9afjsdce2

  • MD5

    758f72bbc974e04ee0408fd6f2d92ebb

  • SHA1

    b7101454d1d2c64a2da1925549fe18d077e1fbc4

  • SHA256

    3d9a29a08e96a288773150a0d8e296123e360512b24894ba65a52dd71427f384

  • SHA512

    8d1eba26e329c5e53244e3e074ec1dbd9b695c895e2667c9111d8df5aa63f682305c9b273791836b6c8828eaa24ecb59365a643a517de6266ab13ddbefa7ce4f

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://link.rolandchase.com/setup.exe

Targets

    • Target

      utente_1754.xls

    • Size

      185KB

    • MD5

      6829d18ce97cb75313c275ae90b5d068

    • SHA1

      9405702686663df6a96d8da8aa1cb8cae86e34bc

    • SHA256

      761c9ec3ed25e98ed2337494d92a68f0feb6679ef6aedf0b4dc47e1407651b2b

    • SHA512

      bb4509bf2c2c0a53576cdf01d2c7af79b38171c773b68731d3a4c528b95a6a575f95c4ae6564d83b04559c888eceb69adc58153a4e0b68405f1bb4e14d87764a

    Score
    10/10
    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

  • Modify Registry (T1112): 1

Discovery

  • Query Registry (T1012): 3

  • Peripheral Device Discovery (T1120): 1

  • System Information Discovery (T1082): 3

Tasks