Blog

IQ-FA004: Multiple Actors Abusing New Macro Methods

We wanted to go through and release some of the more interesting examples that we are running into regarding the era of the hidden (very hidden) documents, which we will publish in more flash reports and tweets going forward. .

It is not a surprise to us that the method we have described from our previous blog posts aimed at this behavior’s ZLoader 4.0 Macrosheets Evolution Hidden Sheets, Data Connections, and XLM Macros and has gained popularity.

XLSM leading to Parasite Stealer

InQuest Score

InQuest Score

InQest Labs Embeded Logic

VirusTotal XLSM Score

VirusTotal PE Score

Date Observed

Indicator Type

Indicator          

Notes/Reports

5/18/2020    

Maldoc Hash   

 a76b0b87bea1a1e760cb65790f0c89748b37210a56295ca7a4b96b549a0598b0  

InQuest Labs VirusTotal

5/18/2020    

URL   

 http://csgo-run.xyz/dl.exe  

/dl.exe

5/18/2020    

URL   

 http://176.96.238.140/gate.php  

/gate.php

5/18/2020    

IP Address 

 193.70.18.84  

AS16276 FR OVH

5/18/2020    

IP Address   

 176.96.238.140  

AS207319 RU MSKHOST

5/18/2020    

Domain  

 csgo-run.xyz  

[email protected]

5/18/2020    

Malware Payload  

 a5969850c72e45cffff2dcd7d6e80751f40dbc8fd4c48d653275503a7ea1e323  

VirusTotal Any.Run

VT-GRAPH


 


 

 

Free Email Hygiene Analysis

Solid email security begins with proper email hygiene. There are a variety of email hygiene technologies and wrapping one’s head around them all is challenging. Try our complimentary Email Hygiene Analysis and receive an instant report about your company’s security posture including a simple rating with iterative guidance, as well as a comparison against the Fortune 500. Try it today!

Free Email Hygiene Analysis