Overview

overview

10

Static

static

8

1 Total Ne...y.xlsm

windows7-x64

10

1 Total Ne...y.xlsm

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1 Total New Invoices-Thursday January 21 2021_EvilClippy.xlsm_

  • Size

    27KB

  • Sample

    221121-fn72csgf2z

  • MD5

    ae139f2cc20b9b3f2d18bfcf7d9eb15c

  • SHA1

    95a78defecdb76f75b2865c6314cb22d241b69cb

  • SHA256

    b10d9193aa930763de20f5105a9f1ad86f4af4fff934d22421c2ff52e16d0a9a

  • SHA512

    9086c3ff9880c449ceb20be5e2c7f0cb563452ff0db30c8b0581fd0a9ab64d950c26ebdda7faf17efe92ca0df3bef233ab37c7733149c0707b95121db729d16f

  • SSDEEP

    384:Ty72lRJT9Q47QbzZW6iVOC/e3vPlqJzhscrgDCQjZCfZQAjgPeq71LyGVQ5Eieaz:y25HQbdsVle3vUJmcMDiQ0w7Jq5cawU

Score
10/10
macroxlm

Malware Config

Extracted

Language
vba
URLs
vba.dropper

https://trezors.io.mahlongwa.com/rexj53wq.zip
vba.dropper

https://wiki.deveyesgroup.com/zbd2ng4j.zip
vba.dropper

https://cpanel.takeorders.co.uk/kzwc4s.zip
vba.dropper

https://nlmcvt.blissgene.com/grh5fw.rar
vba.dropper

https://t4p.autors.pt/hk1sqc.rar
vba.dropper

https://oasis.ivpr.org/kek4cz.zip
vba.dropper

https://app-halifax-mobileverification-mobileappupdate-system-update.cgsconstructores.com/abwtwv3x.zip
vba.dropper

https://peau2.ivpr.org/sgo2vq0.zip
vba.dropper

https://challengebarbell.co.in/vy6evt.zip
vba.dropper

https://ebay.vehicle.sales.aketbd.com/ssvklay.rar
vba.dropper

https://urbantrapfest.cl/byd2p9.zip
vba.dropper

https://4evakleen.com.au/mq722o00t.rar
vba.dropper

https://junzhang.webme.us/wiwl81d.zip
vba.dropper

https://web.guatemayavirtual.com/yqqu2ex.zip
vba.dropper

https://40fortyfoods.com/dwujyxoyd.rar
vba.dropper

https://qdtoolkit.thelaeffect.com/cm96j9axl.zip
vba.dropper

https://mail.qcvmail.com/k5fhmlr.zip
vba.dropper

https://miloscolic.bplaced.net/bsanc5ak.zip
vba.dropper

https://dentart.elitemarketing.hu/upeb9y2m.rar
vba.dropper

https://sellitzer.perkss.co.uk/spqo38ic.zip

Extracted

Language
xlm4.0
Source

Extracted

Language
xlm4.0
Source

Targets

    • Target

      1 Total New Invoices-Thursday January 21 2021_EvilClippy.xlsm_

    • Size

      27KB

    • MD5

      ae139f2cc20b9b3f2d18bfcf7d9eb15c

    • SHA1

      95a78defecdb76f75b2865c6314cb22d241b69cb

    • SHA256

      b10d9193aa930763de20f5105a9f1ad86f4af4fff934d22421c2ff52e16d0a9a

    • SHA512

      9086c3ff9880c449ceb20be5e2c7f0cb563452ff0db30c8b0581fd0a9ab64d950c26ebdda7faf17efe92ca0df3bef233ab37c7733149c0707b95121db729d16f

    • SSDEEP

      384:Ty72lRJT9Q47QbzZW6iVOC/e3vPlqJzhscrgDCQjZCfZQAjgPeq71LyGVQ5Eieaz:y25HQbdsVle3vUJmcMDiQ0w7Jq5cawU

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks