f34f9ba0e580ff3d1c82f4f194086dbcf69a6bfe28b0092d40f7cd045fe3df0a | Triage

Sharing

General

Target

catalog-214102172.zip
Size

50KB
Sample

210513-78dlk84v3n
MD5

fad6c1c3c0348c09e19072a2d5ebdf80
SHA1

fe6281ffd7f6b59895eba7c58b9fd8a887fba79f
SHA256

f34f9ba0e580ff3d1c82f4f194086dbcf69a6bfe28b0092d40f7cd045fe3df0a
SHA512

9792e35ae4aadf19966f9f20fe36d66e6b682ddb01ca5426191ee65186c24e3024a7ffc6851b9a332e91ec0f23b4b57bde5bbd8af4a695d30490e73da6ed77e4

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html

xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

- Target
  
  catalog-214102172.xls
- Size
  
  367KB
- MD5
  
  17400c8228e497eca5360a94d71fb694
- SHA1
  
  781bb1feaf35179c86e650b0d3213f31129077f6
- SHA256
  
  21f1323654996ca118b8548fdffdeb85bf4d4f73f072cad17552a9016f86a335
- SHA512
  
  be67c9b788c6a9f7b3946182bd309d1750c390caf3123bd669e9bfa76c81ad4ada0f5f02852864da9f4dc791669877b5274d07c22ed5ac44123de8af79ed760e
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2