Overview

overview

10

Static

static

catalog-20...52.xls

windows7_x64

10

catalog-20...52.xls

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    catalog-2000669852.zip

  • Size

    50KB

  • Sample

    210513-7bkj2nhr5x

  • MD5

    8eac2db1c824b5f3d2f9d9120722fdaa

  • SHA1

    bf5236bdbb7b12b30a25de7bb3149eb5798b4e3a

  • SHA256

    087e38ca1205d98291f529bea097466be1290b11e10d83a427268e7d14814a00

  • SHA512

    1678f7275dd99b60229d2387e80b5de5855360292bc246fee7e7da6d701c9333bab5954607d92b6f609a223694781c7531ed510b354c03f451c23a0957ec237b

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html
xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

    • Target

      catalog-2000669852.xls

    • Size

      367KB

    • MD5

      6ab06abe69c7f2a6e6265d914c1cb117

    • SHA1

      3cb89cc4786f91518abcaa1365ee89e42a024467

    • SHA256

      faced1e805ed68a5a43c230314111b5bb1eef77588672f9c8e4a58676a346fe2

    • SHA512

      d15c41e6e82e2daa846ede1d8cbed0e505edf7a5d447442e848bbbb9d488033092620662af73500d27bb18a6719b857bcce1d8ceda4f2a893ab804eac345b824

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks