General

  • Target

    Details_964958588.xls

  • Size

    91KB

  • Sample

    230725-k3725acd6y

  • MD5

    e2009061cf64daa91fc4e8c5e20d6df5

  • SHA1

    78897dafa11266c5493c8fb75f83d3e13bd701e7

  • SHA256

    b33e885e06c907d6d3db37b7a7a5bf02f355720d59daa5f3997e28a4bcd1f5d8

  • SHA512

    5745c4c9f43cc57069267996a2ba6cb245d085eb7e36c835141541c585458d2d7ba3b151bec847b4d7250650481332c1b791ad054f047320de14dab771ae9060

  • SSDEEP

    1536:LKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgIbCXuZH4gb4CEn9J4ZJBQvj:LKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgN

Score
10/10

Malware Config

Extracted

  Language: xlm4.0

  Source          URL
  xlm40.dropper   http://fixoutlet.com/logs/OGlRuU/
  xlm40.dropper   http://www.cesasin.com.ar/administrator/viA95RR/
  xlm40.dropper   http://blacktequila.com.br/2fb62HWWoKi5nfEq2D/XB5VOAXZkhVhSKveYUV/
  xlm40.dropper   http://case.co.il/_js/dooigYa/

Targets

    • Target

      Details_964958588.xls

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic      Technique                       Count   ID
  Discovery   Query Registry                  2       T1012
  Discovery   System Information Discovery    2       T1082
