Overview

overview

8

Static

static

8

Loan_1428.xls

windows7_x64

6

Loan_1428.xls

windows10_x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Loan_1428.xls

  • Size

    231KB

  • Sample

    200712-lwkbqdlr1n

  • MD5

    400e6efd2c77e645e0dc39c2982ddf56

  • SHA1

    5a4fb6824785616c9579c40a76ce0a899bcbe747

  • SHA256

    650eb12a21a9ab6b9a3063f366e59066f12040cad0ff5967b028d9c199abc955

  • SHA512

    1f1717a3a586fc6e6c7d5cc0cb66d72dffade0e851e16c79cdb8f84a78dbd507a8206e05c271c848f1674b93cfed56a19e6eca59b064d467c2a29f054eb50cfa

Score
8/10
evasionmacrospywaretrojan

Malware Config

Targets

    • Target

      Loan_1428.xls

    • Size

      231KB

    • MD5

      400e6efd2c77e645e0dc39c2982ddf56

    • SHA1

      5a4fb6824785616c9579c40a76ce0a899bcbe747

    • SHA256

      650eb12a21a9ab6b9a3063f366e59066f12040cad0ff5967b028d9c199abc955

    • SHA512

      1f1717a3a586fc6e6c7d5cc0cb66d72dffade0e851e16c79cdb8f84a78dbd507a8206e05c271c848f1674b93cfed56a19e6eca59b064d467c2a29f054eb50cfa

    Score
    6/10
    evasionspywaretrojan

    • Modifies system certificate store

      evasionspywaretrojan

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks