Overview

overview

10

Static

static

8

f25cae72c9...be.xls

windows7-x64

10

f25cae72c9...be.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f25cae72c9d8ffb38fd7ecdc83bcc970c427fec076d27d2f9b2918bdc23d99be

  • Size

    36KB

  • Sample

    221130-t5g36agb47

  • MD5

    b85d9d90ba0641f9551b614e95e9d7c6

  • SHA1

    08b4946d5659d829d0742864d2b2b4a5104652f1

  • SHA256

    f25cae72c9d8ffb38fd7ecdc83bcc970c427fec076d27d2f9b2918bdc23d99be

  • SHA512

    208db4bf85b369d26b68a013fc8c1fff38218c3a116c2c25265089ad36f4cc529312ccc8621f077808a0fc4d151001e07263c93b315a4f64f90a6fb36b04e827

  • SSDEEP

    768:JPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJ6l68pP8JsyRdSrp:Bok3hbdlylKsgqopeJBWhZFGkE+cL2Nn

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://skill.fashion/wp-data.php
xlm40.dropper

https://syracuse.best/wp-data.php

Targets

    • Target

      f25cae72c9d8ffb38fd7ecdc83bcc970c427fec076d27d2f9b2918bdc23d99be

    • Size

      36KB

    • MD5

      b85d9d90ba0641f9551b614e95e9d7c6

    • SHA1

      08b4946d5659d829d0742864d2b2b4a5104652f1

    • SHA256

      f25cae72c9d8ffb38fd7ecdc83bcc970c427fec076d27d2f9b2918bdc23d99be

    • SHA512

      208db4bf85b369d26b68a013fc8c1fff38218c3a116c2c25265089ad36f4cc529312ccc8621f077808a0fc4d151001e07263c93b315a4f64f90a6fb36b04e827

    • SSDEEP

      768:JPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJ6l68pP8JsyRdSrp:Bok3hbdlylKsgqopeJBWhZFGkE+cL2Nn

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks