We wanted to go through and release some of the more interesting examples that we are running into regarding the era of the hidden (very hidden) documents, which we will publish in more flash reports and tweets going forward. .
It is not a surprise to us that the method we have described from our previous blog posts aimed at this behiavor ZLoader 4.0 Macrosheets Evolution Hidden Sheets, Data Connections, and XLM Macros and has gained popularity.
XLSM leading to Parasite Stealer
|Date Observed||Indicator Type||Indicator||Notes/Reports|
|5/18/2020||Maldoc Hash||a76b0b87bea1a1e760cb65790f0c89748b37210a56295ca7a4b96b549a0598b0||InQuest Labs VirusTotal|
|5/18/2020||IP Address||126.96.36.199||AS16276 FR OVH|
|5/18/2020||IP Address||188.8.131.52||AS207319 RU MSKHOST|
|5/18/2020||Malware Payload||a5969850c72e45cffff2dcd7d6e80751f40dbc8fd4c48d653275503a7ea1e323||VirusTotal Any.Run|