90c03a8ca35c33aad5e77488625598da6deeb08794e6efc9f1ddbe486df33e0c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Zloader.xlsm
Size

93KB
Sample

240817-1bffss1akm
MD5

b36a0543b28f4ad61d0f64b729b2511b
SHA1

bf62dc338b1dd50a3f7410371bc3f2206350ebea
SHA256

90c03a8ca35c33aad5e77488625598da6deeb08794e6efc9f1ddbe486df33e0c
SHA512

cf691e088f9852a3850ee458ef56406ead4aea539a46f8f90eb8e300bc06612a66dfa6c9dee8dcb801e7edf7fb4ed35226a5684f4164eaad073b9511189af037
SSDEEP

1536:0sqG3SkDNIVXnR8TeYSSkCXgN+Uu+j6XJaRqWD/0ACKNONUhfy:0sNrxWXnCjiubXKD/EQA

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://erpoweredent.at/3/zte.dll

Targets

- Target
  
  Zloader.xlsm
- Size
  
  93KB
- MD5
  
  b36a0543b28f4ad61d0f64b729b2511b
- SHA1
  
  bf62dc338b1dd50a3f7410371bc3f2206350ebea
- SHA256
  
  90c03a8ca35c33aad5e77488625598da6deeb08794e6efc9f1ddbe486df33e0c
- SHA512
  
  cf691e088f9852a3850ee458ef56406ead4aea539a46f8f90eb8e300bc06612a66dfa6c9dee8dcb801e7edf7fb4ed35226a5684f4164eaad073b9511189af037
- SSDEEP
  
  1536:0sqG3SkDNIVXnR8TeYSSkCXgN+Uu+j6XJaRqWD/0ACKNONUhfy:0sNrxWXnCjiubXKD/EQA
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2