General

  • Target

    catalog-1970196328.zip

  • Size

    50KB

  • Sample

    210513-42m5xwrrr6

  • MD5

    402c0901ed089ba88d5467ed3d0091db

  • SHA1

    03186978549c1f1e1209f1d2a31706c25b105a48

  • SHA256

    14fbd0ed3338c4f886f2704b1f4e2865acb6aa52421341741d458e498be1f3a7

  • SHA512

    fb1f7d54e475f62271dbbea6d66f4b583b32237743e735393549c5f3a7ab21d755e10d638138993abe9c01336cdc6b8d2b48817615b08947fdfedfbe63afb70b

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

  • URLs

    xlm40.dropper

    https://smartpalakatva.com/edQsUZOLlE/th.html

    xlm40.dropper

    https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

    • Target

      catalog-1970196328.xls

    • Size

      367KB

    • MD5

      2d9143cb87e41f473e04d60c6e07a20b

    • SHA1

      68d24174ceca06ee8617961f75d8c90283536c87

    • SHA256

      f47bd7b569e7c560f3020da4174f039d122c724c2cec147fb7c040c9b53a8254

    • SHA512

      4a8ad747632cc40beefe51de2af144c8323646c38eb75cafa63439520b81bb5f70f1ceb5adfbd282af8404630b8fc4d6630c4b54da57ccfac5893ebd49b66c1e

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
