Overview

overview

10

Static

static

8

Form.xls

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Form.xls

  • Size

    91KB

  • Sample

    230125-m5ff1afg78

  • MD5

    40b76012b8b6529ecf8351125ac25173

  • SHA1

    f9daf8fefcf0013c84a67fb0d1f8b6c9310d8165

  • SHA256

    e43a3e22c345838254d967e5523d858e4049018eaee4f1ab5bfc8467c62e17ab

  • SHA512

    c2dc3c35a809dd3d151660079cf2ba01fb2be917236dc2bc1c1134b9327cebd21e3195b6964f639e7e09975844e8a0cc3cb5e8e87481e92a11140bbf0ddf4061

  • SSDEEP

    1536:eKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg4bCXuZH4gb4CEn9J4ZTrX:eKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg8

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://www.vinyz.com/cache/rqWV/
xlm40.dropper

http://yuanliao.raluking.com/1eq5o7/gHrTM8YilZz0quKt/
xlm40.dropper

https://akarweb.net/cgi-bin/CL13tGXI/
xlm40.dropper

http://www.bdbg.es/css/DDm7o71vWtTs/

Targets

    • Target

      Form.xls

    • Size

      91KB

    • MD5

      40b76012b8b6529ecf8351125ac25173

    • SHA1

      f9daf8fefcf0013c84a67fb0d1f8b6c9310d8165

    • SHA256

      e43a3e22c345838254d967e5523d858e4049018eaee4f1ab5bfc8467c62e17ab

    • SHA512

      c2dc3c35a809dd3d151660079cf2ba01fb2be917236dc2bc1c1134b9327cebd21e3195b6964f639e7e09975844e8a0cc3cb5e8e87481e92a11140bbf0ddf4061

    • SSDEEP

      1536:eKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg4bCXuZH4gb4CEn9J4ZTrX:eKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg8

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

          Discovery

          Execution

            Exfiltration

              Impact

                Initial Access

                  Lateral Movement

                    Persistence

                      Privilege Escalation

                        Tasks