8288235075d2f70e4d7a9e2ed121214ec32674ba8dd15c9f6e25ba9396af0cc9 | Triage

Sharing

General

Target

catalog-2084872052.zip
Size

50KB
Sample

210513-64tjarqjte
MD5

32717cb8c39ad37ea9c052205f50ebaa
SHA1

cc03e7107c5d86ebf1bc7dbb1ce46f7d6217f154
SHA256

8288235075d2f70e4d7a9e2ed121214ec32674ba8dd15c9f6e25ba9396af0cc9
SHA512

9a28ea75a423c221741cf4fdc21a7c04260f02e5ab34b44f006bc6b97bb4ca457e6877a31b43253dc857ad5d4ebf4306e61f83d32661a33f1c5d7b9f4f39def0

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html

xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

- Target
  
  catalog-2084872052.xls
- Size
  
  367KB
- MD5
  
  462b8e4aef06cfea1f858e9d44f111df
- SHA1
  
  c963d7d8a19de64cfde44f6dc496e799d1d8e39f
- SHA256
  
  a45bc9e83209a1bbd5ff5b69ba1671a537183db2ccdb12572ee711d32404c5a9
- SHA512
  
  9dafd489baf4d82e037efde398cb5ed3916e3f6211248b2ade62cb712f4cb631f3c83e74ff7ea3fc0ebb522a98cfc6077bfd4d79d2d724fe44a27c7bed234f59
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2