Overview

overview

10

Static

static

8

67a6ae0924...5b.xls

windows7-x64

10

67a6ae0924...5b.xls

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    67a6ae0924ee0a9ac880bb1183f4c6814a878a9a0a746f1f5536484c76c0df5b

  • Size

    36KB

  • Sample

    230129-x2zetacb4s

  • MD5

    825ee9c7336a32aa9b58309084effb0a

  • SHA1

    70ba2f9d59d974be6d604a0d5cbbd4d38866b803

  • SHA256

    67a6ae0924ee0a9ac880bb1183f4c6814a878a9a0a746f1f5536484c76c0df5b

  • SHA512

    45b67b60808ebf032d0e458287de7d8d9fc325e627fd372ae9c638a3d71d5e512725628b53446b017e9fa117062b9bddcce28a3571e5ebb71edc59434dcaf2a6

  • SSDEEP

    768:1PqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJZl2qXXxhLIi85IaCDP:9ok3hbdlylKsgqopeJBWhZFGkE+cL2Nk

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://syracuse.best/wp-data.php
xlm40.dropper

https://skill.fashion/wp-data.php

Targets

    • Target

      67a6ae0924ee0a9ac880bb1183f4c6814a878a9a0a746f1f5536484c76c0df5b

    • Size

      36KB

    • MD5

      825ee9c7336a32aa9b58309084effb0a

    • SHA1

      70ba2f9d59d974be6d604a0d5cbbd4d38866b803

    • SHA256

      67a6ae0924ee0a9ac880bb1183f4c6814a878a9a0a746f1f5536484c76c0df5b

    • SHA512

      45b67b60808ebf032d0e458287de7d8d9fc325e627fd372ae9c638a3d71d5e512725628b53446b017e9fa117062b9bddcce28a3571e5ebb71edc59434dcaf2a6

    • SSDEEP

      768:1PqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJZl2qXXxhLIi85IaCDP:9ok3hbdlylKsgqopeJBWhZFGkE+cL2Nk

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks