Overview

overview

10

Static

static

8

Confirmati...35.xls

windows7-x64

10

Confirmati...35.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Confirmation transfer Copy AGS 22-0035.xls

  • Size

    432KB

  • Sample

    221128-t9yxgaaa29

  • MD5

    b370036e80b83499b4bc486137b893c4

  • SHA1

    b4d424e2da518fe193346809be62e63c44e97fdd

  • SHA256

    42d0082e585e06f70971897e9c1b7a5f40b92e39889082c648ad7d3ff66905f9

  • SHA512

    f59cdb1c1b3088f407c5b578acfaf87726788b08fa35a3ff9b2fc81b5c0fb0f5816b07c19ca3d5c753c18e124cbeafdb4920d7734a062211963c17c2b0919b47

  • SSDEEP

    6144:XxEtjPOtioVjZUGGnwfDlavx+W2QdAwoLKRH2XS2t6V96NNahztExGfld9XGG1:MdzgqlT2

Score
10/10
macro

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://server-panelllx-9.gq/Myfile.exe

Targets

    • Target

      Confirmation transfer Copy AGS 22-0035.xls

    • Size

      432KB

    • MD5

      b370036e80b83499b4bc486137b893c4

    • SHA1

      b4d424e2da518fe193346809be62e63c44e97fdd

    • SHA256

      42d0082e585e06f70971897e9c1b7a5f40b92e39889082c648ad7d3ff66905f9

    • SHA512

      f59cdb1c1b3088f407c5b578acfaf87726788b08fa35a3ff9b2fc81b5c0fb0f5816b07c19ca3d5c753c18e124cbeafdb4920d7734a062211963c17c2b0919b47

    • SSDEEP

      6144:XxEtjPOtioVjZUGGnwfDlavx+W2QdAwoLKRH2XS2t6V96NNahztExGfld9XGG1:MdzgqlT2

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks