Overview

overview

10

Static

static

8

?i=1fyukxinr.xls

windows7_x64

10

?i=1fyukxinr.xls

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ?i=1fyukxinr

  • Size

    118KB

  • Sample

    220522-f6f1lafhc3

  • MD5

    c930ab7f69ffa197bf8149c9038eebfc

  • SHA1

    0438b6bed41413f8dcd5f9e95416f5dcab034173

  • SHA256

    769ecd4d91e53cc734ede1b06a3935096e838020e44061032964dd769dda3968

  • SHA512

    4d226575d5683d6acc853a87dcff2c518c4c57c59057420d610fb56c8d33cda87311e0ca28da95ab8de8cf78e837dfa9a39387a12b87151f2f5e06a5df94203b

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://www.cuneytkocas.com/wp-content/VSnofpES1wO2CcVob/
xlm40.dropper

http://towardsun.net/admin/BYGGkrYAnT/

Targets

    • Target

      ?i=1fyukxinr

    • Size

      118KB

    • MD5

      c930ab7f69ffa197bf8149c9038eebfc

    • SHA1

      0438b6bed41413f8dcd5f9e95416f5dcab034173

    • SHA256

      769ecd4d91e53cc734ede1b06a3935096e838020e44061032964dd769dda3968

    • SHA512

      4d226575d5683d6acc853a87dcff2c518c4c57c59057420d610fb56c8d33cda87311e0ca28da95ab8de8cf78e837dfa9a39387a12b87151f2f5e06a5df94203b

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks