General

  • Target: abf05a49ab888fcbe3984003176fe6e56c0f79eb82b3f501d161ba357f1c10db
  • Size: 97KB
  • Sample: 221124-eg9qyaff53
  • MD5: 995e82bbfd99cfafff0ba56d92f31fb6
  • SHA1: 84155eb964249e35438f07480d694b4b35b31922
  • SHA256: abf05a49ab888fcbe3984003176fe6e56c0f79eb82b3f501d161ba357f1c10db
  • SHA512: c356e63e1d8c679c6f3bb93ae64d411005b84d1369e6904538c476718919c5ec94edcb3d45fac2c36e35af3a2e33536d3010af25713f1cdfe7c871c78485850c
  • SSDEEP: 3072:w1ZS6kQCdvXpcgddiTmxhYg6y8ewUSR7CPiK:wm6krdvXpcgddYmDYg6VLgH

Score: 10/10

Malware Config

Extracted

  • Language: xlm4.0
  • Source / URLs:
    • xlm40.dropper: http://94.140.112.209/3158120890161990.dat
    • xlm40.dropper: http://185.190.80.172/3158120890161990.dat
    • xlm40.dropper: http://111.90.150.43/%203158120890161990.dat

Extracted

  • Language: xlm4.0
  • Source / URLs:
    • xlm40.dropper: http://94.140.112.209/5226172599393720.dat
    • xlm40.dropper: http://185.190.80.172/5226172599393720.dat
    • xlm40.dropper: http://111.90.150.43/%205226172599393720.dat

Targets

    • Target: Summary-1702295810-Jan31.xlsb
    • Size: 129KB
    • MD5: ace572c463a4750dd386230a49d0813d
    • SHA1: e6a8f6591ca251d8dff34777da4b34aeff887f5f
    • SHA256: ff6d0d7393fce9ee3eb0ba57954f8fc3129dc7091d5c0a5405bc0ba9c2e158a0
    • SHA512: 20590fa7e831c95b481976205df7d1af464bd66bc6443c62c63aad6238604abfa3ade5fae5ea90755b0d7c69b4513fe2a7fd39f268d54284b628feec31cc2bed
    • SSDEEP: 3072:S+vHLEhWYjnsCbxKljNE5gKmFOi+uaE7O6Lk:rohtrsCbxKljDKmFOi/7Ob

    Score: 10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • Modify Registry: 1 (T1112)

Discovery

  • Query Registry: 2 (T1012)
  • System Information Discovery: 2 (T1082)
