3/48 detections on VirusTotal
as of 04.06.2024
The VMRay Labs team has uncovered a malicious Excel file uses macros to download an image from a remote resource – but hidden inside are the commands to execute the next payload
Then the malware schedules a task that is only executed when the user locks the screen.Â
VirusTotal Code Insight reports that the sample “does not exhibit any signs of malicious intent”
Â
Sample downloads valid PNG file with hidden commands
Â
XLS → Macros → C2 → PNG image → Commands
Â
Schedules task which is only executed when the screen is locked
Â
schtasks.exe → Wait until user locks screen → verclsid → DLL
Â
Drops spyware
See why we think this is malicious in plain language.
See the whole path of the sample’s execution
Map the malicious activities on the MITRE ATT&CK Framework
Explore detailed information on the IP addresses, URLs and DNS, including function logs and PCAP Streams
Download the IOCs and artifacts to have a clear picture of the threat.
Download the files that the malware downloads, drops or modifies.
Explore how you can use these insights
