Overview

overview

10

Static

static

8

2f5f7b8821...d5.xls

windows7-x64

10

2f5f7b8821...d5.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2f5f7b882177c6211c35b72536c4538f517a6ba721471553256704a9ae035fd5

  • Size

    36KB

  • Sample

    221130-s5k95sda89

  • MD5

    6e2e94de643b4e834ed6d361e366520a

  • SHA1

    f19cfe9c49c6c1e6e644a91819658166ec80b0bd

  • SHA256

    2f5f7b882177c6211c35b72536c4538f517a6ba721471553256704a9ae035fd5

  • SHA512

    0230e61f6a5b27badc40ccb333eaeaa06ee4aebf2582be7c44786a9ee658e9dd971948a6a4d50e88085973e1b6851e88b26c6f2f4d02dabb7c4aa2242e8552c9

  • SSDEEP

    768:FPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJehhufe1CsSAFKO+sx7Xnax3uc+6H:tok3hbdlylKsgqopeJBWhZFGkE+cL2N4

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://syracuse.best/wp-data.php
xlm40.dropper

https://skill.fashion/wp-data.php

Targets

    • Target

      2f5f7b882177c6211c35b72536c4538f517a6ba721471553256704a9ae035fd5

    • Size

      36KB

    • MD5

      6e2e94de643b4e834ed6d361e366520a

    • SHA1

      f19cfe9c49c6c1e6e644a91819658166ec80b0bd

    • SHA256

      2f5f7b882177c6211c35b72536c4538f517a6ba721471553256704a9ae035fd5

    • SHA512

      0230e61f6a5b27badc40ccb333eaeaa06ee4aebf2582be7c44786a9ee658e9dd971948a6a4d50e88085973e1b6851e88b26c6f2f4d02dabb7c4aa2242e8552c9

    • SSDEEP

      768:FPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJehhufe1CsSAFKO+sx7Xnax3uc+6H:tok3hbdlylKsgqopeJBWhZFGkE+cL2N4

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks