General

  • Target

    catalog-225145695.zip

  • Size

    50KB

  • Sample

    210513-224zlytwcx

  • MD5

    da956ff8d8548c70e8858af87af4c19b

  • SHA1

    d0a8245702ebaf0c7e935fbdf86ab150d357f88c

  • SHA256

    dbad9e585e2fc8879233167325116f93ebcfb7a9dd91e77186f8630608c99edc

  • SHA512

    ea267ec8e6b13ef7da6cca088991fce6bfe77b1a23556674c685055a92cba2d4ef32d492dfda05515771507fc06c23a5a4de6b6c56e6aa51c8c99da1fe462cee

Score
10/10

Malware Config

Extracted

Language: xlm4.0

Source          URL
xlm40.dropper   https://smartpalakatva.com/edQsUZOLlE/th.html
xlm40.dropper   https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

    • Target

      catalog-225145695.xls

    • Size

      367KB

    • MD5

      405bab43c323b0b782035b1d323e7b80

    • SHA1

      80101734e0564859e633bd8669abda8358297d4b

    • SHA256

      4d956bbd0c66b921211e71c7e0eb920adcd49c9dc67ba16298b14fb15160a32f

    • SHA512

      31abaedeab3d56f8470ea951ca07b5d6d1492eeee4d1708f05243ae6a1ed4816ec82601dec220b3353665ced69ddbc827d9e09c6ba88aad728efe001a3d3d13f

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic            Technique                       Count   ID
Defense Evasion   Modify Registry                 1       T1112
Discovery         Query Registry                  2       T1012
Discovery         System Information Discovery    2       T1082
