02f1bb09eff0e5fce078db68f72a22a17f7f8941b25f7c940ab06ee69db67bb9 | Triage

Sharing

General

Target

catalog-239708874.zip
Size

50KB
Sample

210513-42rqa3vdkn
MD5

504a2ee8ff1ad1ffe170b01ced12bc1e
SHA1

0544fe35e42e981da08e40d79b9730f68140f58f
SHA256

02f1bb09eff0e5fce078db68f72a22a17f7f8941b25f7c940ab06ee69db67bb9
SHA512

06c864d2d16a1927c254e08ba4c0bd6dd5b01c93832e6472e53a1279374d7ca027e04cc4d03b9a321d6b10beca9e0fd14e8f0f8c93964573b2ab1dfd8a490aae

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html

xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

- Target
  
  catalog-239708874.xls
- Size
  
  367KB
- MD5
  
  13875f29b7ba280e14e6610b11fdcddf
- SHA1
  
  48eeb3ed3fb29c9aaf4298c8f3eff4ebda75acd3
- SHA256
  
  a01617633840effc51c537ad85e4d98a3e436a93048d8b65d6847dac5db3f669
- SHA512
  
  8caecae1bb82dff9e7d106130881ddf5506dc778903def5fc2bcb696d830350413365410afb4895c1d45e16a88adce6582da51b375275c97ca65e97bd535c576
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2