e43a3e22c345838254d967e5523d858e4049018eaee4f1ab5bfc8467c62e17ab | Triage

Sharing

General

Target

Form.xls
Size

91KB
Sample

230125-ncgn2ahd9t
MD5

40b76012b8b6529ecf8351125ac25173
SHA1

f9daf8fefcf0013c84a67fb0d1f8b6c9310d8165
SHA256

e43a3e22c345838254d967e5523d858e4049018eaee4f1ab5bfc8467c62e17ab
SHA512

c2dc3c35a809dd3d151660079cf2ba01fb2be917236dc2bc1c1134b9327cebd21e3195b6964f639e7e09975844e8a0cc3cb5e8e87481e92a11140bbf0ddf4061
SSDEEP

1536:eKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg4bCXuZH4gb4CEn9J4ZTrX:eKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg8

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://www.vinyz.com/cache/rqWV/

xlm40.dropper

http://yuanliao.raluking.com/1eq5o7/gHrTM8YilZz0quKt/

xlm40.dropper

https://akarweb.net/cgi-bin/CL13tGXI/

xlm40.dropper

http://www.bdbg.es/css/DDm7o71vWtTs/

Targets

- Target
  
  Form.xls
- Size
  
  91KB
- MD5
  
  40b76012b8b6529ecf8351125ac25173
- SHA1
  
  f9daf8fefcf0013c84a67fb0d1f8b6c9310d8165
- SHA256
  
  e43a3e22c345838254d967e5523d858e4049018eaee4f1ab5bfc8467c62e17ab
- SHA512
  
  c2dc3c35a809dd3d151660079cf2ba01fb2be917236dc2bc1c1134b9327cebd21e3195b6964f639e7e09975844e8a0cc3cb5e8e87481e92a11140bbf0ddf4061
- SSDEEP
  
  1536:eKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg4bCXuZH4gb4CEn9J4ZTrX:eKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg8
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1