Overview

overview

10

Static

static

8

800d6760b2...9.xlsm

windows7-x64

10

800d6760b2...9.xlsm

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    800d6760b293cd2e33128cff0e08e1000a53ab91c3ba05e6e1577a9490899b59

  • Size

    28KB

  • Sample

    221130-vcpg7sgg65

  • MD5

    687ddd53b6c273583e08db1698bfeabc

  • SHA1

    ed237ecf129e28f509de74a6f3c560a3d2aa2bec

  • SHA256

    800d6760b293cd2e33128cff0e08e1000a53ab91c3ba05e6e1577a9490899b59

  • SHA512

    3462614f8f8c9260be3bd585c9c307c1b6abe184950338b65e52a52a56184b4813351f7df035261f276473cb351a8d82d6d673cb8e5ea21aae5509c16222c0ef

  • SSDEEP

    768:+dgb8qEv5j/hv2454yNX0R/V+BKlRGstxHIU:+B15j/s45rNER/V+B6Rn7HIU

Score
10/10
macro

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://lokipanelhostingpanel.gq/work/worknew/1.exe

Targets

    • Target

      800d6760b293cd2e33128cff0e08e1000a53ab91c3ba05e6e1577a9490899b59

    • Size

      28KB

    • MD5

      687ddd53b6c273583e08db1698bfeabc

    • SHA1

      ed237ecf129e28f509de74a6f3c560a3d2aa2bec

    • SHA256

      800d6760b293cd2e33128cff0e08e1000a53ab91c3ba05e6e1577a9490899b59

    • SHA512

      3462614f8f8c9260be3bd585c9c307c1b6abe184950338b65e52a52a56184b4813351f7df035261f276473cb351a8d82d6d673cb8e5ea21aae5509c16222c0ef

    • SSDEEP

      768:+dgb8qEv5j/hv2454yNX0R/V+BKlRGstxHIU:+B15j/s45rNER/V+B6Rn7HIU

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks