IQ-FA004:Multiple Actors Abusing New Macro Methods

Posted on 2020-05-18 by William MacArthur

We wanted to release some of the more interesting examples we are running into from the current era of hidden (and "very hidden") sheet documents, and we will continue to publish them in further flash reports and tweets.

It is no surprise to us that the technique we described in our previous blog posts on this behavior, ZLoader 4.0 Macrosheets Evolution and Hidden Sheets, Data Connections, and XLM Macros, has gained popularity with multiple actors.
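As an added example (not InQuest's own tooling), the check below flags the two structural traits that the hidden-sheet XLM technique referenced above depends on in an OOXML workbook: a sheet whose state is "veryHidden" in xl/workbook.xml, and the presence of Excel 4.0 macrosheet parts under xl/macrosheets/. The sample workbook is constructed in memory and is not the reported maldoc.

```python
"""Detect 'very hidden' sheets and XLM macrosheets in an OOXML workbook.

Added example; the workbook built by build_sample() is constructed here
and contains only the parts the detector reads.
"""
import io
import re
import zipfile

WORKBOOK = "xl/workbook.xml"
SHEET_RE = re.compile(r"<sheet\b[^>]*>")          # <sheet .../> tags, not <sheets>
ATTR_RE = re.compile(r'(\w+)="([^"]*)"')         # attribute="value" pairs


def inspect_workbook(data: bytes) -> dict:
    """Return sheet visibility states plus any XLM macrosheet part names."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        xml = zf.read(WORKBOOK).decode("utf-8", "replace") if WORKBOOK in names else ""
    sheets = []
    for tag in SHEET_RE.findall(xml):
        attrs = dict(ATTR_RE.findall(tag))
        # OOXML sheet state is one of: visible (default), hidden, veryHidden
        sheets.append((attrs.get("name", "?"), attrs.get("state", "visible")))
    macrosheets = [n for n in names if n.startswith("xl/macrosheets/")]
    return {
        "sheets": sheets,
        "very_hidden": [n for n, s in sheets if s == "veryHidden"],
        "macrosheets": macrosheets,
        # Both traits together is the pattern worth alerting on
        "suspicious": bool(macrosheets) and any(s == "veryHidden" for _, s in sheets),
    }


def build_sample(very_hidden: bool, with_macrosheet: bool) -> bytes:
    """Constructed minimal workbook used as offline test input."""
    state = ' state="veryHidden"' if very_hidden else ""
    wb = ('<?xml version="1.0"?>'
          '<workbook xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main">'
          '<sheets><sheet name="Sheet1" sheetId="1" r:id="rId1"/>'
          f'<sheet name="Macro1" sheetId="2"{state} r:id="rId2"/></sheets></workbook>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(WORKBOOK, wb)
        zf.writestr("xl/worksheets/sheet1.xml", "<worksheet/>")
        if with_macrosheet:
            zf.writestr("xl/macrosheets/sheet1.xml", "<xm:macrosheet/>")
    return buf.getvalue()


if __name__ == "__main__":
    print(inspect_workbook(build_sample(very_hidden=True, with_macrosheet=True)))
```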

XLSM leading to Parasite Stealer

Score summary (values not recoverable from this page): InQuest Score, InQuest Labs Embedded Logic, VirusTotal XLSM Score, VirusTotal PE Score

| Date Observed | Indicator Type | Indicator | Notes/Reports |
|---|---|---|---|
| 5/18/2020 | Maldoc Hash | a76b0b87bea1a1e760cb65790f0c89748b37210a56295ca7a4b96b549a0598b0 | InQuest Labs, VirusTotal |
| 5/18/2020 | URL | http://csgo-run.xyz/dl.exe | /dl.exe |
| 5/18/2020 | URL | http://176.96.238.140/gate.php | /gate.php |
| 5/18/2020 | IP Address | 193.70.18.84 | AS16276 FR OVH |
| 5/18/2020 | IP Address | 176.96.238.140 | AS207319 RU MSKHOST |
| 5/18/2020 | Domain | csgo-run.xyz | csgo-run.xyz@regprivate.ru |
| 5/18/2020 | Malware Payload | a5969850c72e45cffff2dcd7d6e80751f40dbc8fd4c48d653275503a7ea1e323 | VirusTotal, Any.Run |

VT-GRAPH
