b10d9193aa930763de20f5105a9f1ad86f4af4fff934d22421c2ff52e16d0a9a

General

Target

1 Total New Invoices-Thursday January 21 2021_EvilClippy.xlsm_
Size

27KB
Sample

221121-fn72csgf2z
MD5

ae139f2cc20b9b3f2d18bfcf7d9eb15c
SHA1

95a78defecdb76f75b2865c6314cb22d241b69cb
SHA256

b10d9193aa930763de20f5105a9f1ad86f4af4fff934d22421c2ff52e16d0a9a
SHA512

9086c3ff9880c449ceb20be5e2c7f0cb563452ff0db30c8b0581fd0a9ab64d950c26ebdda7faf17efe92ca0df3bef233ab37c7733149c0707b95121db729d16f
SSDEEP

384:Ty72lRJT9Q47QbzZW6iVOC/e3vPlqJzhscrgDCQjZCfZQAjgPeq71LyGVQ5Eieaz:y25HQbdsVle3vUJmcMDiQ0w7Jq5cawU

Score

10^/10

macro xlm

Malware Config

Extracted

Language

vba

URLs

vba.dropper

https://trezors.io.mahlongwa.com/rexj53wq.zip

vba.dropper

https://wiki.deveyesgroup.com/zbd2ng4j.zip

vba.dropper

https://cpanel.takeorders.co.uk/kzwc4s.zip

vba.dropper

https://nlmcvt.blissgene.com/grh5fw.rar

vba.dropper

https://t4p.autors.pt/hk1sqc.rar

vba.dropper

https://oasis.ivpr.org/kek4cz.zip

vba.dropper

https://app-halifax-mobileverification-mobileappupdate-system-update.cgsconstructores.com/abwtwv3x.zip

vba.dropper

https://peau2.ivpr.org/sgo2vq0.zip

vba.dropper

https://challengebarbell.co.in/vy6evt.zip

vba.dropper

https://ebay.vehicle.sales.aketbd.com/ssvklay.rar

vba.dropper

https://urbantrapfest.cl/byd2p9.zip

vba.dropper

https://4evakleen.com.au/mq722o00t.rar

vba.dropper

https://junzhang.webme.us/wiwl81d.zip

vba.dropper

https://web.guatemayavirtual.com/yqqu2ex.zip

vba.dropper

https://40fortyfoods.com/dwujyxoyd.rar

vba.dropper

https://qdtoolkit.thelaeffect.com/cm96j9axl.zip

vba.dropper

https://mail.qcvmail.com/k5fhmlr.zip

vba.dropper

https://miloscolic.bplaced.net/bsanc5ak.zip

vba.dropper

https://dentart.elitemarketing.hu/upeb9y2m.rar

vba.dropper

https://sellitzer.perkss.co.uk/spqo38ic.zip

Extracted

Language

xlm4.0

Source

Extracted

Language

xlm4.0

Source

Targets

- Target
  
  1 Total New Invoices-Thursday January 21 2021_EvilClippy.xlsm_
- Size
  
  27KB
- MD5
  
  ae139f2cc20b9b3f2d18bfcf7d9eb15c
- SHA1
  
  95a78defecdb76f75b2865c6314cb22d241b69cb
- SHA256
  
  b10d9193aa930763de20f5105a9f1ad86f4af4fff934d22421c2ff52e16d0a9a
- SHA512
  
  9086c3ff9880c449ceb20be5e2c7f0cb563452ff0db30c8b0581fd0a9ab64d950c26ebdda7faf17efe92ca0df3bef233ab37c7733149c0707b95121db729d16f
- SSDEEP
  
  384:Ty72lRJT9Q47QbzZW6iVOC/e3vPlqJzhscrgDCQjZCfZQAjgPeq71LyGVQ5Eieaz:y25HQbdsVle3vUJmcMDiQ0w7Jq5cawU
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Targets

Process spawned unexpected child process

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2