2f5ad87ca621ba86da08c970418fa590b0984c7957452a6f7d375428bc78ef39 | Triage

Sharing

General

Target

catalog-2115670034.zip
Size

50KB
Sample

210513-1tebmwt3t6
MD5

5df4b7a8db430cb07c350a106cdd2ca1
SHA1

d0006f690a02ac83e3740c1e1f3667bc8a3c0c8a
SHA256

2f5ad87ca621ba86da08c970418fa590b0984c7957452a6f7d375428bc78ef39
SHA512

bf99bf9f55865680528329059732f9731fa21aa380e1801cb68007045df9789e3614ac39c7687ce71b641d479517664692d9b72a804157b91fc353c5668128e2

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html

xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

- Target
  
  catalog-2115670034.xls
- Size
  
  367KB
- MD5
  
  f0b092131d6b7016efbc32bf84cce367
- SHA1
  
  088141d18f2104b32cc47738ce1cbf65f087bd45
- SHA256
  
  7c0121adb5e286bca028c60c7b52901ac50bbc47dd8ca3e5a0b7189fbd05eeb3
- SHA512
  
  9c323717cd2ae7b90625330b692ee747f37565f0d6dc4bc2cd897ca3b01e1e7094f860ccea2fd80c762390a917371546e61bd59bc245dc0ac8b06ee44a552a32
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2