General

  • Target

    catalog-2039293384.zip

  • Size

    50KB

  • Sample

    210513-2jmallylye

  • MD5

    fa34f0ac084493dfd7279070393a668a

  • SHA1

    e10423c680d4e055f79501ae7a5f8523889bcf03

  • SHA256

    f953938db5aa763b3039c92c585da82c298de5e48d4c552d7466b7ccaa04e5bc

  • SHA512

    9453b9365fcac6191799b58a7a7358d242986105f8c44ca8770bce27155484c30e71cb4a0f18d34e5ea4dce451ead1d84a04414533fc10e8f3cae8f91bbccd5f

Score
10/10

Malware Config

Extracted

  • Language
    xlm4.0
    Source
    xlm40.dropper
    URLs
    https://smartpalakatva.com/edQsUZOLlE/th.html

  • Language
    xlm4.0
    Source
    xlm40.dropper
    URLs
    https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

    • Target

      catalog-2039293384.xls

    • Size

      367KB

    • MD5

      450343e702838aae649c1392992c689a

    • SHA1

      0c41c17bde6add3c840f55ed92550cc45835f2fc

    • SHA256

      ff9e6980cc78f1d3b9518a0f9814962bcd7b1edd36fdbd567806a51a9f411b78

    • SHA512

      873a81aa933c2e7d9b7d37ea09740b614a88e4535d44378fbfa3c554b7b853298a242a9ff0168c23103f7c1bb1f8468c0801ec2be32f5b03f4af8341748448d3

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion
    Modify Registry, T1112 (1)

  • Discovery
    Query Registry, T1012 (2)
    System Information Discovery, T1082 (2)

Tasks