802bf6f32b0cb1a3fa205a2d41e40302074c18b029b5e86337bf8a8282ba2d83 | Triage

Sharing

General

Target

catalog-2130173166.zip
Size

50KB
Sample

210513-5vdfwljmgs
MD5

baec8060801b3715aa98655b9cfb4125
SHA1

af14e33e4bfc60bc3242d7d43c3c9c3f6738f1d7
SHA256

802bf6f32b0cb1a3fa205a2d41e40302074c18b029b5e86337bf8a8282ba2d83
SHA512

80abfe153d4addc1ee934e467fc5a6d63503db53a26b3796527248b14bcd08008b7fc0d319b4aa166e6a4f6f4edfa01cb68e7a41ab3d17079dd590d6d7ce0cb7

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html

xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

- Target
  
  catalog-2130173166.xls
- Size
  
  367KB
- MD5
  
  53d62280b4357ddc1fd58b0f66201b47
- SHA1
  
  c77b029d908a68b23598633f1fe873e28facadab
- SHA256
  
  14eb4a357260e2433942963faaccb8fac37ca7bf2c215ffb1b77774da51ce592
- SHA512
  
  3f29a42ec44598b0bab7cf7b00c0d71600cedfca6e2ff223ea79bfc066051e46d5ddabb9583d06191a43adb2137072ba576481d2335eaa1448c65092af7758ad
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2