Overview

overview

10

Static

static

8

bc79a58b3c...5.xlsm

windows7-x64

10

bc79a58b3c...5.xlsm

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bc79a58b3cf723521c0cd7eee8c4084f15609a1acd41db09898cf40c2753c3c5

  • Size

    352KB

  • Sample

    230129-x3fn4aag25

  • MD5

    432b05fb9731cb01d37aacbbb1083351

  • SHA1

    27228feb776a3f613fcbc4b6b7df8209197116f7

  • SHA256

    bc79a58b3cf723521c0cd7eee8c4084f15609a1acd41db09898cf40c2753c3c5

  • SHA512

    71c20fefa1606dcae2a3da2d2755bc4c2db804a779d939c0fe0cc740b4841c840f7dbf808faf2c779d75b58194913cac7097e393c1bbe874ddbcf39eefcddff8

  • SSDEEP

    6144:ATq1jURRRY1QzB8WTXgmKjNNt9MxBJd6E3MsUbsXmR6hSJi6qnv:ui1QzB8WTyjNpMesUbsXmR6hS06qnv

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://powerdust.digital/g

Targets

    • Target

      bc79a58b3cf723521c0cd7eee8c4084f15609a1acd41db09898cf40c2753c3c5

    • Size

      352KB

    • MD5

      432b05fb9731cb01d37aacbbb1083351

    • SHA1

      27228feb776a3f613fcbc4b6b7df8209197116f7

    • SHA256

      bc79a58b3cf723521c0cd7eee8c4084f15609a1acd41db09898cf40c2753c3c5

    • SHA512

      71c20fefa1606dcae2a3da2d2755bc4c2db804a779d939c0fe0cc740b4841c840f7dbf808faf2c779d75b58194913cac7097e393c1bbe874ddbcf39eefcddff8

    • SSDEEP

      6144:ATq1jURRRY1QzB8WTXgmKjNNt9MxBJd6E3MsUbsXmR6hSJi6qnv:ui1QzB8WTyjNpMesUbsXmR6hS06qnv

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks