796465749f8701764362673cce8967449fcbe5df95fd172fc7d34fdf448ec568 | Triage

Sharing

General

Target

catalog-274433653.zip
Size

50KB
Sample

210513-2rtpl1s6yj
MD5

ecd91eb6a77f41c2816b5a1259bd7523
SHA1

17de4f797f85adb86794b2e4b8d9a9592aff86f3
SHA256

796465749f8701764362673cce8967449fcbe5df95fd172fc7d34fdf448ec568
SHA512

d79dc7c26d3ab2c6150f9f4152028efed8f8567117ec19a24669364483c835765dc029c71c2f45a89fa05a79d44caa2e8c672ccba5a2492f879a0e24abdf815f

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html

xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

- Target
  
  catalog-274433653.xls
- Size
  
  367KB
- MD5
  
  7311727df7529a293920042610dafa44
- SHA1
  
  46f47db43251e6e88a619c0ec08daed44e18d13c
- SHA256
  
  a2b9ede8864b03fbefae06fcbfc6f5bb6a780f98833c6abb3afb564a60b6bbc5
- SHA512
  
  5aef6d621fb68b081d070f0e90b1c24260bf833115d2aaf173c0a2125269219aad9d0c660b834700c5c52ea25bc244ed5c60358d334b6729ac680a83caed55ac
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2