General

  • Target

    03d63fec183d453d5af0759707f4967296827ce2e2454e90e86fb95bf1586977

  • Size

    102KB

  • Sample

    220521-m9wzjsgdfp

  • MD5

    0a7e92be902c6dc59f15b048c44d8b42

  • SHA1

    078fd5bc6f6c1c503dbbbf81f733b3bbc8ec75f7

  • SHA256

    03d63fec183d453d5af0759707f4967296827ce2e2454e90e86fb95bf1586977

  • SHA512

    097d5d47b6c75a3de1f606c1fc25675c8df574442a2f76f8c3fb3b11135cb1060ec3d07adbf217d3b46830f147d4eb74367c98f90bd1875d6e9bc53f82c3c298

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://gstat.securityguardlisting.com/setup.exe

Targets

    • Target

      utente_3405.xls

    • Size

      235KB

    • MD5

      2e2c9f07f99791d6482e4839b95ec1ef

    • SHA1

      ebf4b8097462d1fdbfdc395a563aa45f9aa2644c

    • SHA256

      736ee17f187c4f39f8eb34f1f762ef0acb5a692cd9031cb5d8d6dc63edbf844f

    • SHA512

      8e322879cf17fcce845c2de2b99a05f16230a6513a7c61333908aca7c0dfc98c6cad4bfd3afb4785addba034e3c6b8a36cf29f7accef75252591a7b62a5d89ae

    Score
    10/10
    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • Modify Registry   1   T1112

Discovery

  • Query Registry   3   T1012

  • Peripheral Device Discovery   1   T1120

  • System Information Discovery   3   T1082

Tasks