General

  • Target

    Compensation-1636332621-09272021.xls

  • Size

    126KB

  • Sample

    210927-slrmtahdbl

  • MD5

    16ff3a934cc31ee7e4407caed8b5160b

  • SHA1

    89bca4aae18925b44b7a6424567d15f8a0139c21

  • SHA256

    7b9347900e27559ba3fcfe186a57ee8d28f8c949442a5d12a4bf9f7ed459114d

  • SHA512

    f9dcb21be0c22d6e440e6ebeebfb70ee5229cf8bf2df8199a7b0d5fb57c8bfdbe459f763869108b3b48d2a93b0984115c63809a083349dc68e9ae0207dd3ce23

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://190.14.37.178/44466.6342006944.dat

xlm40.dropper

http://185.183.96.67/44466.6342006944.dat

xlm40.dropper

http://185.250.148.213/44466.6342006944.dat

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://190.14.37.178/44466.6343003472.dat

xlm40.dropper

http://185.183.96.67/44466.6343003472.dat

xlm40.dropper

http://185.250.148.213/44466.6343003472.dat

Targets

    • Target

      Compensation-1636332621-09272021.xls

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • Modify Registry (T1112): 1

Discovery

  • Query Registry (T1012): 2

  • System Information Discovery (T1082): 2

Tasks