General

  • Target: catalog-1990066679.zip
  • Size: 50KB
  • Sample: 210513-4a7wlatn52
  • MD5: 5ca1f4d002913698aad81e5eacf4ea00
  • SHA1: 65c8a7d0d17141fa6af318a52f5891366db0cd57
  • SHA256: 3c551081fc66ce8d85cc36f034803fd7ee80b5e760e4f7d4ed003a55a868bc27
  • SHA512: d0f80ba3947aeb1970c55b4b3b994579e87fdb75d0b5c41a8999f7cdf97ab7160c9d909de6111441515516723b661a6f810eb34e70a0db95323ea4f7560eb030

Score: 10/10

Malware Config

Extracted

  • Language: xlm4.0
  • Source: xlm40.dropper
  • URLs:
    xlm40.dropper  https://smartpalakatva.com/edQsUZOLlE/th.html
    xlm40.dropper  https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

  • Target: catalog-1990066679.xls
  • Size: 367KB
  • MD5: 85e8725a1421148510d41f6e1a1ef2b4
  • SHA1: 7a34ecec8ba31a5c702a1720d1851965ed932209
  • SHA256: 9fa200c32c60996bcad7592070483724c329596fbc7c157ee545e06ed2dca1b5
  • SHA512: f951a4fc2133b54d6742b6fb8e4bb59453428dd6876dbb76e7058273159f787111a7157dc9168074334613b92d1429a5977406a153e6fda12440f808829cb4d5

  Score: 10/10

  Signatures
    • Process spawned unexpected child process
      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic            Technique                      Count  ID
  Defense Evasion   Modify Registry                1      T1112
  Discovery         Query Registry                 2      T1012
  Discovery         System Information Discovery   2      T1082
