General

  • Target

    catalog-1955748425.zip

  • Size

    50KB

  • Sample

    210513-6nacmvjzfa

  • MD5

    05c2416c6ae9da276fa3c8d92d6abbeb

  • SHA1

    248ef439bd2fab95c89c813cd8d183d7338b977f

  • SHA256

    3be050cc450cd5b5d94c1e34828c18960bce8cb36c1526da340b722c7f98eaca

  • SHA512

    447f0785addf9c2b8b83208f2a2ca950542bec290b017b575d689aa875feb082e08716697efb3b6df0d78a8c7a154faebcd8ec22f431acaae22c8b22785937b3

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source / URLs

    xlm40.dropper: https://smartpalakatva.com/edQsUZOLlE/th.html

    xlm40.dropper: https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

    • Target

      catalog-1955748425.xls

    • Size

      367KB

    • MD5

      29c7134c1941f7e62cb9b00c697519c8

    • SHA1

      0f8d9a2cca75ec8e32c8d67a92ab70b97f486752

    • SHA256

      63a129a529986bd0d5bfae4ba311458cbbf0d56e1e06b73783dea854d6965ec4

    • SHA512

      fc5efdb0dabe6f993aa86fd80cf1197e6bf129927b2df3e6e11699bacdd04981e684d23e135cc391c6dbd082113ec3f444ad03c82fe891924c3773a2d598011d

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (1) - T1112

  • Discovery

    Query Registry (2) - T1012

    System Information Discovery (2) - T1082
