Overview

overview

10

Static

static

8

4e5c061af1...37.xls

windows7-x64

10

4e5c061af1...37.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4e5c061af1688b82654de5706a0f14d4b860fb8c916dbab3045ed10dd552f437

  • Size

    36KB

  • Sample

    221130-srtz5abg56

  • MD5

    caec6876919c6ef186e11e3bacaede1d

  • SHA1

    90e27744fe131b70dbe0566e18b9dc0fe3f3a243

  • SHA256

    4e5c061af1688b82654de5706a0f14d4b860fb8c916dbab3045ed10dd552f437

  • SHA512

    eae9075aaf6b911059f12cac194394be25e87b8a14694657c8bc9e411c751ddd214eb0779b3a002b98d402af52b6f6fb0f66a82282378f72fc9271b35c0320d1

  • SSDEEP

    768:+PqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJhnFwbS1N0NeOSV:Cok3hbdlylKsgqopeJBWhZFGkE+cL2NK

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://syracuse.best/wp-data.php
xlm40.dropper

https://skill.fashion/wp-data.php

Targets

    • Target

      4e5c061af1688b82654de5706a0f14d4b860fb8c916dbab3045ed10dd552f437

    • Size

      36KB

    • MD5

      caec6876919c6ef186e11e3bacaede1d

    • SHA1

      90e27744fe131b70dbe0566e18b9dc0fe3f3a243

    • SHA256

      4e5c061af1688b82654de5706a0f14d4b860fb8c916dbab3045ed10dd552f437

    • SHA512

      eae9075aaf6b911059f12cac194394be25e87b8a14694657c8bc9e411c751ddd214eb0779b3a002b98d402af52b6f6fb0f66a82282378f72fc9271b35c0320d1

    • SSDEEP

      768:+PqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJhnFwbS1N0NeOSV:Cok3hbdlylKsgqopeJBWhZFGkE+cL2NK

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks