Overview

overview

10

Static

static

8

fa3791a0e2...8.xlsm

windows7-x64

10

fa3791a0e2...8.xlsm

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fa3791a0e238bc6ab13c1fbd5ea054f8_JaffaCakes118

  • Size

    158KB

  • Sample

    240419-nsrh6sbe51

  • MD5

    fa3791a0e238bc6ab13c1fbd5ea054f8

  • SHA1

    8bacced7cc93bb62110479725014b659176f967e

  • SHA256

    65fe3389472a6a06f0ce0a5a3d615972131b5a54374f35ab413e60b3c15f7985

  • SHA512

    7980b6441fd13640695be3031899d4436338d16bcb2462f856e37056bf694a31bccb0b521b31b17899f4def8650cbcfcc3422a8ae513b8ebc043d73ebee89a60

  • SSDEEP

    3072:tHlTkdm3bGeAxidxVymd1xXPMU9VlUBWA6CFvA7bRCxAVIKKNB:tFTkeGKdxVyWxfMU3liWA6FsYq

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://biopaten.no/xeBP8Oj5/gg.html
xlm40.dropper

https://beartoothkawasaki.com/QJT19jhtwHt/gg.html

Targets

    • Target

      fa3791a0e238bc6ab13c1fbd5ea054f8_JaffaCakes118

    • Size

      158KB

    • MD5

      fa3791a0e238bc6ab13c1fbd5ea054f8

    • SHA1

      8bacced7cc93bb62110479725014b659176f967e

    • SHA256

      65fe3389472a6a06f0ce0a5a3d615972131b5a54374f35ab413e60b3c15f7985

    • SHA512

      7980b6441fd13640695be3031899d4436338d16bcb2462f856e37056bf694a31bccb0b521b31b17899f4def8650cbcfcc3422a8ae513b8ebc043d73ebee89a60

    • SSDEEP

      3072:tHlTkdm3bGeAxidxVymd1xXPMU9VlUBWA6CFvA7bRCxAVIKKNB:tFTkeGKdxVyWxfMU3liWA6FsYq

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks