General

  • Target

    catalog-1984022420.zip

  • Size

    50KB

  • Sample

    210513-34rdhtn5qs

  • MD5

    d4384da84498f29315edd7a6524c15cf

  • SHA1

    ae8644e82165c4b7cf21e9777a4ef901e47320c4

  • SHA256

    3a8d3c58902597ef07df41c9ff771848f1cc7a49c51ca6f2228d940f0b9ff14d

  • SHA512

    8c9d337a786661252173035d5873ef9c3ace2b2038184d34ec45c801373778fc2eaba232ff1d694eaa461663250d5b5dff8e1f8ce9015a4f6b7d5f969966fcbd

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    https://smartpalakatva.com/edQsUZOLlE/th.html

    https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

    • Target

      catalog-1984022420.xls

    • Size

      367KB

    • MD5

      06850414efb83142e35b86c940dae78b

    • SHA1

      6a9ab6fe061cb0e355aba24221bd8c9ac2653130

    • SHA256

      5be9e33e7fe2676079254458bfcf2f29c3f386417730bda392ce69d808b29eb2

    • SHA512

      24a04b375fb17b008867863cf15dc3d88e7d1b435251e3273a944b18eb93e8424439e8ad59b4722021ed8d18229115d942477ace11f610c85b0345157a09fd9a

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
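The two findings above (an Office parent spawning an unexpected child, and the two xlm40.dropper URLs in the extracted config) can be turned directly into detection logic. The block below is an added example, not part of the sandbox report: it runs two checks over constructed Sysmon-style process-creation and DNS records (assumed shapes, not telemetry from this sample). The dropper hostnames come from the report; the Office parent list, the benign-child allowlist and the sample records are assumptions for illustration.

```python
# Added example (not from the sandbox report): detection logic derived from
# the report's findings, run over constructed Sysmon-style records.
from dataclasses import dataclass
from urllib.parse import urlparse

# Dropper URLs extracted by the sandbox (taken from the report above).
DROPPER_URLS = [
    "https://smartpalakatva.com/edQsUZOLlE/th.html",
    "https://pilstlcommodities.com/Ov4FlB3lpy/th.html",
]
DROPPER_HOSTS = {urlparse(u).hostname for u in DROPPER_URLS}

# Assumed parent set and allowlist: tune both to your own estate.
OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe"}
BENIGN_CHILDREN = {"splwow64.exe", "werfault.exe", "dw20.exe"}


@dataclass
class ProcessCreate:
    """Subset of a Sysmon Event ID 1 record (assumed shape)."""
    parent_image: str
    image: str


@dataclass
class DnsQuery:
    """Subset of a Sysmon Event ID 22 record (assumed shape)."""
    image: str
    query_name: str


def basename(path: str) -> str:
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def unexpected_office_child(ev: ProcessCreate) -> bool:
    """The report's 'process spawned unexpected child process' signal."""
    return (basename(ev.parent_image) in OFFICE_PARENTS
            and basename(ev.image) not in BENIGN_CHILDREN)


def contacts_dropper_host(ev: DnsQuery) -> bool:
    """DNS lookup for one of the extracted xlm40.dropper hosts."""
    return ev.query_name.lower().rstrip(".") in DROPPER_HOSTS


def run_detections(events):
    """Return (rule, subject, object) tuples for every record that matches."""
    findings = []
    for ev in events:
        if isinstance(ev, ProcessCreate) and unexpected_office_child(ev):
            findings.append(("office_unexpected_child",
                             basename(ev.parent_image), basename(ev.image)))
        elif isinstance(ev, DnsQuery) and contacts_dropper_host(ev):
            findings.append(("xlm40_dropper_host",
                             basename(ev.image), ev.query_name))
    return findings


# Constructed sample telemetry (not from the report).
SAMPLE_EVENTS = [
    ProcessCreate(r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
                  r"C:\Windows\splwow64.exe"),            # allowlisted helper
    ProcessCreate(r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
                  r"C:\Windows\System32\rundll32.exe"),   # flagged
    ProcessCreate(r"C:\Windows\explorer.exe",
                  r"C:\Windows\System32\cmd.exe"),        # parent is not Office
    DnsQuery(r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
             "smartpalakatva.com"),                       # flagged
    DnsQuery(r"C:\Windows\System32\svchost.exe", "update.example.com"),
]

if __name__ == "__main__":
    for finding in run_detections(SAMPLE_EVENTS):
        print(*finding)
```

The allowlist approach is deliberate: enumerating every malicious child (cmd.exe, rundll32.exe, regsvr32.exe, ...) is brittle, whereas a short list of children Office is known to spawn catches whatever the macro chooses to launch. Hostname matching on the extracted URLs is short-lived by nature, so treat it as a pivot for the current campaign rather than a durable rule.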

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112), count 1

  • Discovery

    Query Registry (T1012), count 2

    System Information Discovery (T1082), count 2

Tasks