dc5d90d4837641adf14d2aee911bd737fe1bff393bc30fab547a64ce4fb39390 | Triage

Sharing

General

Target

catalog-2040322549.zip
Size

50KB
Sample

210513-5b3v9zzjce
MD5

368607b1f5cab02d703d7f4674f39f08
SHA1

1b662c855f140f3539226af83d9756267e5bb238
SHA256

dc5d90d4837641adf14d2aee911bd737fe1bff393bc30fab547a64ce4fb39390
SHA512

5127399976cdd476023d1271c5e464fc84357a5a2070bae394ad0ba77c1ccc2964596752d58725a29027e50a14e969e61d05a74e9ac8dd8a64e16dbcc672dd59

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html

xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

- Target
  
  catalog-2040322549.xls
- Size
  
  367KB
- MD5
  
  50c1580a306c07dac9cadce84c10ba18
- SHA1
  
  4b856d6fd47f4ccca6832707bbbbc8a8488b2cbe
- SHA256
  
  0a1be708d3d3a6695b965eaa0607e2fbe168c79ad75ab5c7513dab5de1a10802
- SHA512
  
  eb76d33cc3f2222c1441a9be09b635fc2277e20d5a36e68dca4285504aa6aae2f47a2a9a9964a57d73d5df46853ca38b6074b43f071aed933ed8ee54217e2720
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2