General

  • Target

    Bloomberg BNA Invoice Enclosed 0984762748365..xls

  • Size

    59KB

  • Sample

    230116-s7l98ahd49

  • MD5

    7c853ab182e0e0a51baa85ba460ddf51

  • SHA1

    b865efd764549e7e64eaa37ae67a977958a5fcec

  • SHA256

    a0362be648ebb92266bb64410e429350aefbddb0af74d7e89bea23cfbe75aa64

  • SHA512

    8368dd70259e9238acc6d116647a27cc5b4adc73158ed83923f5c841d688a3983b987828108f285aab73633ea4742eec74208ac46996b91b66b812cf33ba1602

  • SSDEEP

    1536:Qk3hOdsylKlgryzc4bNhZFGzE+cL2knw0jftONLqbNacyr042LfC:Qk3hOdsylKlgryzc4bNhZFGzE+cL2knZ

Malware Config

Targets


    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops startup file

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • Modify Registry: T1112 (1)

Discovery

  • System Information Discovery: T1082 (3)

  • Query Registry: T1012 (2)

Tasks