General

  • Target: catalog-1974084027.zip
  • Size: 50KB
  • Sample: 210513-21thj16jte
  • MD5: 6125158c1ff73363a0826a66ee77ac74
  • SHA1: a65eb3636fd683a9582115933c13cb713cf50088
  • SHA256: 5492fc63299b0e583cab81e581b018cd8b5f9617553facf1b8550bbdb2296d83
  • SHA512: 841c226647f553abae03d605969cdd69146029a10d30f72132fd9e1d18685eff8c3732fbdfc8a954d88135714d1b93dff1034619155fe4798aa3cc086b9e0777

Score: 10/10

Malware Config

Extracted

  • Language: xlm4.0
  • Source / URLs:
    • xlm40.dropper: https://smartpalakatva.com/edQsUZOLlE/th.html
    • xlm40.dropper: https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

  • Target: catalog-1974084027.xls
  • Size: 367KB
  • MD5: 1092548fcf25281fc11de9003bedead1
  • SHA1: 84c232353576980642cabfabc6d1a66de9628a7b
  • SHA256: 218b7c08823afb945166d0d13afd4703bb81e1f61bf530bb41a06f266f0a427f
  • SHA512: 03c351e8f48f4f495b97808f0cebcdcc09d6bae06ccbd7f3041fe91f306aa12f11771c0df4fa34a602004082c06185114660ab1eb24087207661f18518a6546a

  Score: 10/10

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112) 1
  • Discovery: Query Registry (T1012) 2
  • Discovery: System Information Discovery (T1082) 2

Tasks