General

  • Target

    cb53bf4394e7f77534ca8bfa1039fc76c50a54be4dce411926dbb594a1a55c52.xlsx

  • Size

    82KB

  • Sample

    230116-lvax4aha8y

  • MD5

    b6c09b88eeb411e648f688e7ca6a1ca9

  • SHA1

    da6a58fbb01118bf77842f75cb217c3cf33ded2f

  • SHA256

    cb53bf4394e7f77534ca8bfa1039fc76c50a54be4dce411926dbb594a1a55c52

  • SHA512

    adb123a059e116faa65717e4c7cd51479750d45457e63642b16dcc82b7b25c18ef5c43e9c54fc35ae5056b243ba1177d01453f0f985f48d6b9a031079a874f00

  • SSDEEP

    1536:UWLP2CET+S+agP7nA9u9DE23j/iuRPk4OJ2QspRxW+gdFx:V0T1k7TA+jiq1i2QspRk+gdFx

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    http://136.144.181.174:8080/Q2W5VWUFL5VCMQ7JQPETG3CCTYX72Z4R25PDG

Targets

    • Target

      cb53bf4394e7f77534ca8bfa1039fc76c50a54be4dce411926dbb594a1a55c52.xlsx

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112), count: 1

  • Discovery

    Query Registry (T1012), count: 2

    System Information Discovery (T1082), count: 2
