General

  • Target: 0bc4009e86b6f38a70537e54f39e66a13ef4605ec694d081b100137b0ee862c9
  • Size: 86KB
  • Sample: 220521-m9pkgagdfj
  • MD5: 3598f5102c4ecaa86fb5fd49a4e3c805
  • SHA1: c07c8a4c4f220985eebc90cd763a655bd10123fa
  • SHA256: 0bc4009e86b6f38a70537e54f39e66a13ef4605ec694d081b100137b0ee862c9
  • SHA512: e3c709181ecddca522863a33b8b1e2082477ff53866c3e8b730466ac11e29a1ff3f3cc4106cdada48d03fad6299d1951b2d905823fee87efe686e3a0e95b7920

Score
10/10

Malware Config

Extracted

  • Language: xlm4.0
  • Source: xlm40.dropper
  • URLs: http://link.rolandchase.com/setup.exe

Targets

    • Target: utente_1997.xls
    • Size: 192KB
    • MD5: fa4d2a3f8bbe0cb6dc01cf7435774a48
    • SHA1: 54ee780829976392a563f7069f522d98891ef15d
    • SHA256: 184142609f4cc5eea3ec43fd76101d859a442bf7619f7c9046153947f75f77c8
    • SHA512: 135009c5dd68dd91e7a437d4e057fc1e300a0512a5e04af00df224aa50b077faaad1eb8e2ec638a92bf84bf1de1eab9b8223634095a42f9e0ac32031f93a0fa9

    Score
    10/10

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

  • Modify Registry (T1112): 1

Discovery

  • Query Registry (T1012): 3
  • Peripheral Device Discovery (T1120): 1
  • System Information Discovery (T1082): 3

Tasks