8daec55333b8697879b04188bd206839a7302969e245bec9ddca6860e4f9f51f | Triage

Sharing

General

Target

catalog-2035363419.zip
Size

50KB
Sample

210513-37lf4ng9aj
MD5

f45eccb98135db06c2b93a8c5cddb559
SHA1

cd0183fdc9ef1b310c8992b9f9e108d8e24df51a
SHA256

8daec55333b8697879b04188bd206839a7302969e245bec9ddca6860e4f9f51f
SHA512

43dac1ef4acd8026f914f0c77359a0ba03ccf21ec7d7fdd2d55f94abd380ff9d2a65c281bb6b09b7796a4286de1426704a38851f952986904330e522130b01d0

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html

xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

- Target
  
  catalog-2035363419.xls
- Size
  
  367KB
- MD5
  
  b1d4572d1d6bd8e548d6a4115d960021
- SHA1
  
  692f007e17f7a8c2270be4df514fee96341e77f4
- SHA256
  
  0efa51ef8288e94835b5d2bc3b89663aa913a07c565db2a3c51b80adbdadfb40
- SHA512
  
  8c68fe9065bb4149000f3b2354257ff6993b7d417960d366805b72a17fe36e4bb8262b51ccebea20656a3ef9b4206f98eef79408a21b7522071ed373eaee566d
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2