b2206970ff901ea3cf498aac5c746394c96477e1f61e507d6717c07f285e783e | Triage

Sharing

General

Target

SecuriteInfo.com.XLM.Trojan.Abracadabra.35.Gen.22744.9734.xlsx
Size

280KB
Sample

220922-bgna6adabr
MD5

163633435ad30c62d8d13c2637bb90c8
SHA1

18d75ca1a521a376700e1849812a2517bb8afd1a
SHA256

b2206970ff901ea3cf498aac5c746394c96477e1f61e507d6717c07f285e783e
SHA512

a6d3ff54e525bc0829086a80a3b963f54f36bbcad4bc4ad819a69612a913a4997e159775480e36e9339a9d93c9e0776d27e774974153ae44096ee38052db2cfd
SSDEEP

6144:6cPiTQAVW/89BQnmlcGvgZ7rDjo8UOMzJK+tfq5M:5pC

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://deluciaspizza.com/netmouser.dll

Targets

- Target
  
  SecuriteInfo.com.XLM.Trojan.Abracadabra.35.Gen.22744.9734.xlsx
- Size
  
  280KB
- MD5
  
  163633435ad30c62d8d13c2637bb90c8
- SHA1
  
  18d75ca1a521a376700e1849812a2517bb8afd1a
- SHA256
  
  b2206970ff901ea3cf498aac5c746394c96477e1f61e507d6717c07f285e783e
- SHA512
  
  a6d3ff54e525bc0829086a80a3b963f54f36bbcad4bc4ad819a69612a913a4997e159775480e36e9339a9d93c9e0776d27e774974153ae44096ee38052db2cfd
- SSDEEP
  
  6144:6cPiTQAVW/89BQnmlcGvgZ7rDjo8UOMzJK+tfq5M:5pC
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2