690e2805a6aa9691f49335dc15820cb1ae5ba390a69bebe627c31d1ac4153041 | Triage

Sharing

General

Target

catalog-2078303863.zip
Size

50KB
Sample

210513-4grhrxjyps
MD5

734137068dfc58fc9e223bd8367a4e83
SHA1

86b3632646a0e3edee1df5b3ba6974adcffdd897
SHA256

690e2805a6aa9691f49335dc15820cb1ae5ba390a69bebe627c31d1ac4153041
SHA512

5480a825a324457f7b00d93a6e12073afc2bfe527653c134b0655ca238794015a5c58cb506c8deb4be4bfabc54ce0f0267fb9aaa24f91f05fcfc512f5405f4d5

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html

xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

- Target
  
  catalog-2078303863.xls
- Size
  
  367KB
- MD5
  
  e23327247bd85149505a3d31708585b7
- SHA1
  
  99af576e545b21217641c8ca2ef49b2028715b37
- SHA256
  
  a26f8d349c4a429f8a8eb4d3eaecb5366fdbfdb09d39aeba806c58e4a1f8d897
- SHA512
  
  dfc74a7eb8f9ae0a9a6427436fa8dde95e07453b7c58bc96e6d01f6ef16c0a39d211283bb00b07e457353c7cbe4d7645cf3d8e178a6115d05b1ecbc2163dcc05
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2