5492fc63299b0e583cab81e581b018cd8b5f9617553facf1b8550bbdb2296d83 | Triage

Sharing

General

Target

catalog-1974084027.zip
Size

50KB
Sample

210513-21thj16jte
MD5

6125158c1ff73363a0826a66ee77ac74
SHA1

a65eb3636fd683a9582115933c13cb713cf50088
SHA256

5492fc63299b0e583cab81e581b018cd8b5f9617553facf1b8550bbdb2296d83
SHA512

841c226647f553abae03d605969cdd69146029a10d30f72132fd9e1d18685eff8c3732fbdfc8a954d88135714d1b93dff1034619155fe4798aa3cc086b9e0777

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html

xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

- Target
  
  catalog-1974084027.xls
- Size
  
  367KB
- MD5
  
  1092548fcf25281fc11de9003bedead1
- SHA1
  
  84c232353576980642cabfabc6d1a66de9628a7b
- SHA256
  
  218b7c08823afb945166d0d13afd4703bb81e1f61bf530bb41a06f266f0a427f
- SHA512
  
  03c351e8f48f4f495b97808f0cebcdcc09d6bae06ccbd7f3041fe91f306aa12f11771c0df4fa34a602004082c06185114660ab1eb24087207661f18518a6546a
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2