General

  • Target

    Data_2306.xls

  • Size

    55KB

  • Sample

    221205-g1symscf96

  • MD5

    ceb04b9fffca2e2829ad38eb2759f6af

  • SHA1

    05255544c27d0b91189de83165dbf10841e9b692

  • SHA256

    7e55b39e29fa0280e14ba6408a88dbc7d7bb2f058fe99344d21af0282d4249bd

  • SHA512

    d1060183bdfd0a60bcfe75f33d9560a391730497c574fe14b9aefe0aa975a0792dfa71e3980763d57d2fadac3b6f55ca5c7af0032328e40f14c99cab6f813f1a

  • SSDEEP

    1536:G+Kpb8rGYrMPe3q7Q0XV5xtezEsi8/dg2Qv6cNCVQ5:JKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgh

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source / URLs

    xlm40.dropper  https://www.rec-escape.com/dev1/7hMk6v/
    xlm40.dropper  https://cheffsys.com/AZOTEA/QpZ/
    xlm40.dropper  http://balticcontrolbd.com/images/GG1d8an/
    xlm40.dropper  http://cabans.com/CeudWYRQEzZgrHPcI/yKANkXfH/

Extracted

  • Language

    xlm4.0

  • Source / URLs

    xlm40.dropper  https://www.rec-escape.com/dev1/7hMk6v/
    xlm40.dropper  https://cheffsys.com/AZOTEA/QpZ/

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2
    System Information Discovery (T1082): 2

Tasks