General

  • Target

    catalog-1883594067.zip

  • Size

    50KB

  • Sample

    210513-3lzzcall6n

  • MD5

    20a0557c8b7d92a583a0d259a30af047

  • SHA1

    d452a30fb56f270f38f983ab9745751f36754943

  • SHA256

    a1e627b81d0b30ecae930c65bd379c718115078df42865e1857abba9d072f18b

  • SHA512

    3f9c20eeceef15dceb843459689bae1e6b9441418fab95089ab1b0a18118f7bb5aecf03f0b877fff3d0003174c95e1bf038625bd503362a90b3a2d4acf149569

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    https://smartpalakatva.com/edQsUZOLlE/th.html
    https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

    • Target

      catalog-1883594067.xls

    • Size

      367KB

    • MD5

      bafbbca2c0f5a2561c5352ece5aa3d06

    • SHA1

      b9002c5a23d1b0b9411b0364fd852943c05a8b7c

    • SHA256

      8ff651a0e58083eda5a8a8725c5ec9be19f30dd261d6aa028fd32c51b44a54c5

    • SHA512

      e04be0978e3176e13f80ab49fe2f2b0cca08c0e7b0af3a7570a5e90b1cb23b9ae3f0439410fb6f75dcc22f49ad80bb236f03afa4fd86d1830c8edf80044db77e

    Score
    10/10
    • Process spawned unexpected child process

      An Office host (here the .xls target) launched a child process it does not normally start. This typically indicates the parent process was compromised via an exploit or a macro; with an XLM 4.0 dropper the macro itself is what starts the child.
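The behaviour flagged above is usually detected from process-creation telemetry rather than from the document itself. The following Python is an added example, not code from the tria.ge report or from the sample: it scans Sysmon-style Event ID 1 records (JSON lines with the fields Image, ParentImage, CommandLine) and raises an alert whenever an Office host such as EXCEL.EXE spawns a child that is not on a small allowlist. The allowlist, the field layout and the sample log lines are constructed assumptions for illustration.

```python
# Added example (not part of the sandbox report): detection logic for the
# "Process spawned unexpected child process" behaviour. Field names follow
# Sysmon Event ID 1; the allowlist and sample events are constructed.
import json
import ntpath

# Office hosts that should never launch shells, script engines or LOLBins.
OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}

# Children Office is expected to launch (assumption: tune per environment).
BENIGN_CHILDREN = {"splwow64.exe", "werfault.exe", "officeclicktorun.exe"}


def _image_name(path):
    """Return the lower-cased executable name from a Windows path."""
    return ntpath.basename(path).lower()


def parent_spawned_unexpected_child(event):
    """True when an Office parent spawns a child that is not allowlisted."""
    parent = _image_name(event.get("ParentImage", ""))
    child = _image_name(event.get("Image", ""))
    return parent in OFFICE_PARENTS and child not in BENIGN_CHILDREN


def scan(lines):
    """Parse JSON-lines events and return one alert dict per hit.

    Malformed lines and non-process-creation events (EventID != 1) are
    skipped rather than raising, so one bad line does not stop the scan.
    """
    alerts = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if event.get("EventID") != 1:
            continue
        if parent_spawned_unexpected_child(event):
            alerts.append({
                "rule": "office_unexpected_child",
                "parent": _image_name(event["ParentImage"]),
                "child": _image_name(event["Image"]),
                "command_line": event.get("CommandLine", ""),
            })
    return alerts


# Constructed sample log: one macro-style chain (Excel -> regsvr32), one
# benign Excel child (print spooler helper), one non-Office parent, one
# non-process event and one line that is not JSON at all.
_OFFICE = r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"
SAMPLE_LOG = [
    json.dumps({"EventID": 1, "ParentImage": _OFFICE,
                "Image": r"C:\Windows\System32\regsvr32.exe",
                "CommandLine": r"regsvr32.exe -s C:\ProgramData\drop.dll"}),
    json.dumps({"EventID": 1, "ParentImage": _OFFICE,
                "Image": r"C:\Windows\splwow64.exe",
                "CommandLine": r"C:\Windows\splwow64.exe 12288"}),
    json.dumps({"EventID": 1, "ParentImage": r"C:\Windows\explorer.exe",
                "Image": _OFFICE,
                "CommandLine": '"EXCEL.EXE" catalog-1883594067.xls'}),
    json.dumps({"EventID": 3, "Image": r"C:\Windows\System32\regsvr32.exe"}),
    "garbage line that is not JSON",
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

Only the Excel -> regsvr32.exe record produces an alert; Explorer starting Excel and Excel starting the print helper are ignored. In practice the allowlist is the part that needs care: it must be wide enough to suppress legitimate Office children in your environment, yet must never include script hosts, shells, regsvr32, rundll32 or mshta, because those are exactly the children a macro dropper uses.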

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2
    System Information Discovery (T1082): 2

Tasks