General

  • Target

    catalog-1892192358.zip

  • Size

    50KB

  • Sample

    210513-5c2msce1dj

  • MD5

    51583c0b978bae4d09e2798d98c02a0d

  • SHA1

    b268917878ed3fedb52b46e5f9fa5f719f7692ef

  • SHA256

    3f05c94522a4532273c042ba5e2339b1024413223657299e0fbb426cc8f11eb7

  • SHA512

    d2acc5ae78391eecdfa9177f3fc3f78b4f2ea3e4123e8c17a6909979d344887496fd50663683204751b7414eb2844c5903f77ff45070c02e1e43d7738af59a5c

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    https://smartpalakatva.com/edQsUZOLlE/th.html (xlm40.dropper)

    https://pilstlcommodities.com/Ov4FlB3lpy/th.html (xlm40.dropper)

Targets

    • Target

      catalog-1892192358.xls

    • Size

      367KB

    • MD5

      84dd120e9e82abb3970a1c49077afaa1

    • SHA1

      9f7c3a1b1131e667f86f73a7c76e48f93a80fdd1

    • SHA256

      06b365abe6392e6ae9654dc03186b70c42da190fcb48ef5530e68f4491f9c028

    • SHA512

      e0e6c91adbcbdb1497b53bfeaa321fe27849bebaa034eda15da7c46ee32cea10809845d7a93c91ff6c042ddd9e991d279f2fd18492131bc127ed283ce3defa9c

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2
