be79799e584cfeac364c9bdbdcae57e05fb4c94bf59886e3325efd1bdd9302cc | Triage

Sharing

General

Target

SecuriteInfo.com.XF.AShadow.1205.1391.24007.xlsx
Size

36KB
Sample

230330-3kfh9shb8y
MD5

95b76e54f8af81a0e045ca25a3190633
SHA1

2aa41013eb9ee260563341eb79a860737e495546
SHA256

be79799e584cfeac364c9bdbdcae57e05fb4c94bf59886e3325efd1bdd9302cc
SHA512

962d60dfa73fde181ce44ac8bb279e6e17b4fab01ec8b03449000ba9426333e615c36e85e26170d34225811dcca595c0fcf4de7173166d6990229c32626c457b
SSDEEP

768:VPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJNkVgnmcghFpM/u/:dok3hbdlylKsgqopeJBWhZFGkE+cL2N/

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://skill.fashion/wp-data.php

xlm40.dropper

https://syracuse.best/wp-data.php

Targets

- Target
  
  SecuriteInfo.com.XF.AShadow.1205.1391.24007.xlsx
- Size
  
  36KB
- MD5
  
  95b76e54f8af81a0e045ca25a3190633
- SHA1
  
  2aa41013eb9ee260563341eb79a860737e495546
- SHA256
  
  be79799e584cfeac364c9bdbdcae57e05fb4c94bf59886e3325efd1bdd9302cc
- SHA512
  
  962d60dfa73fde181ce44ac8bb279e6e17b4fab01ec8b03449000ba9426333e615c36e85e26170d34225811dcca595c0fcf4de7173166d6990229c32626c457b
- SSDEEP
  
  768:VPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJNkVgnmcghFpM/u/:dok3hbdlylKsgqopeJBWhZFGkE+cL2N/
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2