General

  • Target

    bad.xls

  • Size

    88KB

  • Sample

    230608-gxte1ade2y

  • MD5

    f459c6371551ea34ccd02ab0c4121953

  • SHA1

    b247164d5bd3219d44a7ba6258472cc5701174ae

  • SHA256

    ed4da666f5dba2a162c5803de8d5daa13ab64cef6242295e099049dddeda5187

  • SHA512

    9d3558b4a59e0662d7ee2c3fbc1c898fd010453b4d2e39e90985a4f7f008b9291de438c2304d1d5bbed8ee8adca4d722af3a930ef6abf955774c82211cf61a56

  • SSDEEP

    1536:w2cKoSsxz1PDZLDZjlbR868O8Kfc03F7uDphYHceXVhca+fMHLtyeGx2zZ8dIOik:w2cKoSsxzNDZLDZjlbR868O8Kfc03F7a

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    http://ghtyrncjf2df.com/fb26.gif

Targets

    • Target

      bad.xls

    • Size

      88KB

    • MD5

      f459c6371551ea34ccd02ab0c4121953

    • SHA1

      b247164d5bd3219d44a7ba6258472cc5701174ae

    • SHA256

      ed4da666f5dba2a162c5803de8d5daa13ab64cef6242295e099049dddeda5187

    • SHA512

      9d3558b4a59e0662d7ee2c3fbc1c898fd010453b4d2e39e90985a4f7f008b9291de438c2304d1d5bbed8ee8adca4d722af3a930ef6abf955774c82211cf61a56

    • SSDEEP

      1536:w2cKoSsxz1PDZLDZjlbR868O8Kfc03F7uDphYHceXVhca+fMHLtyeGx2zZ8dIOik:w2cKoSsxzNDZLDZjlbR868O8Kfc03F7a

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2

Tasks