Overview

overview

10

Static

static

8

2c36cb4e17...5.xlsm

windows7-x64

10

2c36cb4e17...5.xlsm

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2c36cb4e1771a04e728d75eb65b05f6875d4eb56df6eb5810af09d0d5e419cd5.xlsm

  • Size

    59KB

  • Sample

    230117-jty77age4t

  • MD5

    eb20ca63dc3badc1a48072d33bd6428b

  • SHA1

    0cdf69cc3fa1612503c82bbb9b947c15e3267ce1

  • SHA256

    2c36cb4e1771a04e728d75eb65b05f6875d4eb56df6eb5810af09d0d5e419cd5

  • SHA512

    a8068815cafacc2c29b41c31cbdf03937fba2721c8169b5c326c18e2f305400390400af878c2626647a2bfd5e63857bbc64466cc8cea23049ba5cd0e036cea97

  • SSDEEP

    1536:x0AumW5DkaWwd92IkkIC+kyXEHz4LGLxZeOJI/Bdq/gn4L:xBuPuldkIlETXLPjJMn4L

Score
10/10
macroxlm

Malware Config

Extracted

Language
vba
URLs
vba.dropper

https://kadifpromo.dz/wnojmqyf2.zip
vba.dropper

https://elleaesthetics.com.au/gb66aagmv.zip
vba.dropper

https://clients.siplprojects.co.in/b77s7p.rar
vba.dropper

https://office.loopweb.lk/fncoyg4.zip
vba.dropper

https://cogitosoftware.in/p1sopys.zip
vba.dropper

https://borioliadvogados.com.br/myl708i.rar
vba.dropper

https://app.catholicchurch.co.in/nvrcx1s7.zip
vba.dropper

https://web2web.in/fv5si1r.zip
vba.dropper

https://lswesbank.co.za/dd7sliu8.rar
vba.dropper

https://maverickhiliving.in/w82ukfls.zip
vba.dropper

https://demo2.advisorhelp.ca/w2pooit.rar
vba.dropper

https://magnobrasiladvogados.com.br/wsr1van.zip
vba.dropper

https://report.solusitec.com.mx/jbi0j33.rar
vba.dropper

https://lgturviagens.resultaweb.com.br/g29mvj.rar
vba.dropper

https://svtn.mvmms.in/nsptybjik.zip
vba.dropper

https://atacado.bigstorex.com.br/o4jmmf.zip
vba.dropper

https://ipcc.project.webscript.co.in/qj6yee.zip
vba.dropper

https://fasttrips.resultaweb.com.br/kxejqa.zip
vba.dropper

https://phadishago.co.za/tfpyr6oh.zip
vba.dropper

https://mvswf17.mvmms.in/ljgdnra.rar

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://downloads.iyclm.in/juvd9q.rar

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://elleaesthetics.com.au/gb66aagmv.zip

Targets

    • Target

      2c36cb4e1771a04e728d75eb65b05f6875d4eb56df6eb5810af09d0d5e419cd5.xlsm

    • Size

      59KB

    • MD5

      eb20ca63dc3badc1a48072d33bd6428b

    • SHA1

      0cdf69cc3fa1612503c82bbb9b947c15e3267ce1

    • SHA256

      2c36cb4e1771a04e728d75eb65b05f6875d4eb56df6eb5810af09d0d5e419cd5

    • SHA512

      a8068815cafacc2c29b41c31cbdf03937fba2721c8169b5c326c18e2f305400390400af878c2626647a2bfd5e63857bbc64466cc8cea23049ba5cd0e036cea97

    • SSDEEP

      1536:x0AumW5DkaWwd92IkkIC+kyXEHz4LGLxZeOJI/Bdq/gn4L:xBuPuldkIlETXLPjJMn4L

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks