General

  • Target

    SecuriteInfo.com.XF.AShadow.1205.29880.21615.xlsx

  • Size

    36KB

  • Sample

    230330-3ke8hafh36

  • MD5

    f7a5636823fa8f31ead3c2acab3fb999

  • SHA1

    d755bc88892cfb653e6c8fb1b05637af916aa22a

  • SHA256

    b91bd79e54b479982cc3dbe9eb1ca22b2c91595e80ffc758c06ba54eb0ee4650

  • SHA512

    0ebcdb72dc07a9504f151d871966c0f913076d88244179f1cec61bcc11c6e18a8a45a3b50e61d78741e19a289a8ac9970c910b62de43063eeaf90cf9c19f88cd

  • SSDEEP

    768:5PqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJqy7AaZOow+wleULuY:Rok3hbdlylKsgqopeJBWhZFGkE+cL2Nb

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://syracuse.best/wp-data.php

Targets

    • Target

      SecuriteInfo.com.XF.AShadow.1205.29880.21615.xlsx

    • Size

      36KB

    • MD5

      f7a5636823fa8f31ead3c2acab3fb999

    • SHA1

      d755bc88892cfb653e6c8fb1b05637af916aa22a

    • SHA256

      b91bd79e54b479982cc3dbe9eb1ca22b2c91595e80ffc758c06ba54eb0ee4650

    • SHA512

      0ebcdb72dc07a9504f151d871966c0f913076d88244179f1cec61bcc11c6e18a8a45a3b50e61d78741e19a289a8ac9970c910b62de43063eeaf90cf9c19f88cd

    • SSDEEP

      768:5PqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJqy7AaZOow+wleULuY:Rok3hbdlylKsgqopeJBWhZFGkE+cL2Nb

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Modify Registry

1
T1112

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Tasks