eacfc6f374ce38cbe943381ce1de70b464040810d0db957000d530b748467b1e | Triage

Sharing

General

Target

catalog-1958407232.zip
Size

50KB
Sample

210513-3r4r3vng3x
MD5

a2fff221150bc231c96c37ea1dc3c805
SHA1

3ad29b305795cb99db27e1d1c3557b20b55089f9
SHA256

eacfc6f374ce38cbe943381ce1de70b464040810d0db957000d530b748467b1e
SHA512

e20e3aeb0805cda2f270e9e6e4fd41ee8d3d286c58c544dce3acbf9064fff915a4c4eb6c91dcb9fdabf59f5084d434bb7072eef57036ed0b64e8de406bd82abe

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html

xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

- Target
  
  catalog-1958407232.xls
- Size
  
  367KB
- MD5
  
  75e304fe3ada4d56db31700cdbc8ad62
- SHA1
  
  4f6de51a0f66931b5e8d30b8ae7304a05dd88e8b
- SHA256
  
  2d1061706cdd523a691acc98524121c84d5751eb61e5a45b3e4a1e14da2ee649
- SHA512
  
  249672c80af437badab0b819b9615d1dcef1d992ef470e3adec37eeadba28e5d4a30072643aa78e07d3252846412e0d4cad8cc13068b0fe13f9efbc9ff47f9d8
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2