General

  • Target

    catalog-2039169496.zip

  • Size

    50KB

  • Sample

    210513-2c8dmhkhhs

  • MD5

    1ca5a7431c839be9c4662d842c3996ea

  • SHA1

    d323e682daebd6b94853598bb9ca0ce266147d82

  • SHA256

    980643fb9054b3e222928f5a5fcfd53c2b1319ae12499f8ceb01833dc950d402

  • SHA512

    0af7dc30f4c82138c7a10c2465732f6441751456baf83a58ed2feca94c4e4bf0669e181041c910a7d6ace5ddaf870856b139bb52297f4e40e18e590339b196bc

Score
10/10

Malware Config

  • Extracted

    Language: xlm4.0

  • Source / URLs

    xlm40.dropper: https://smartpalakatva.com/edQsUZOLlE/th.html

    xlm40.dropper: https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

    • Target

      catalog-2039169496.xls

    • Size

      367KB

    • MD5

      2bda1337c502989c23fc8c75ada2c271

    • SHA1

      0a5930571088ad8f8ab7a51a5c057fc306b3fc53

    • SHA256

      39199c98bfedb5102657cfc5a6bebc7a82b26f9fd52b4e062e1cbf031bbb6535

    • SHA512

      ef36f008074fa8177e8965d3b660d21945c7970652a91afd81dadf468a4af94ad41d69af597316849b4906eba8e57ccc8ea088790513dba2dfc4655e4d6ac6ae

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2
