General

  • Target

    805172bc285c8abf34e38e9431a9410d3bbc12041ad7f66081027bfaa79f424e.zip

  • Size

    18KB

  • Sample

    230401-ynbx2acc86

  • MD5

    b4023273070e51bf9076af01884c088a

  • SHA1

    2b281460056fab43622305f463b068f6a0fd56bb

  • SHA256

    c99cd98659076b6fdc7489fbac5fc37fb74d7277e2ae9299804486c651f7420a

  • SHA512

    03395690d7b652a729e1fc3273cc4e01215388787af543aba495b4fcc2550523615357b187a52d3712e52e0b12176def8bfcaecf99390049861508715008572f

  • SSDEEP

    384:XG8p/ChnG0skxV6sXoqI53/9UNRJQRd5ewfDa1goCxzy8XqVpdOD:28hC9vQsYj31UNRuX3fDayZ9XIpm

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source / URLs

    xlm40.dropper: https://yourdesicart.com/errors.php
    xlm40.dropper: http://melis.com.ar/errors.php

Targets

    • Target

      805172bc285c8abf34e38e9431a9410d3bbc12041ad7f66081027bfaa79f424e

    • Size

      20KB

    • MD5

      6f700a6eda0cc8dfc73a536713fc367a

    • SHA1

      3b74c1cfb772067dcadb462062009440bc287bc8

    • SHA256

      805172bc285c8abf34e38e9431a9410d3bbc12041ad7f66081027bfaa79f424e

    • SHA512

      9aa807575c2a2ea81bc48eeb2ac7051043c62c1c7eb67d35eab57cdeb248558c8d365e22eec78fb141afe1d72cf92a10351255354621d2da45f5a7c76f38badb

    • SSDEEP

      384:u5PW4cGz9IpUCIyr8A1qInSBJkWzjZeJk+IOUlM9z4c:u5PRipUCxD1qzk+5Ox0c

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2
    System Information Discovery (T1082): 2
