fdda71198f187373f0ce4ee0da393ff09c1efd566fd43d6a29be653b176cf38b | Triage

Sharing

General

Target

catalog-2144681670.zip
Size

50KB
Sample

210513-7hdk2m2hvn
MD5

b858c93d258d5b0d917f4c5c2030b3df
SHA1

effbb269bfbc8401c36bb991a73fedbb621ca2eb
SHA256

fdda71198f187373f0ce4ee0da393ff09c1efd566fd43d6a29be653b176cf38b
SHA512

8d608cb4d70a2940a46ad2a967515d610582b1d5c695045e40eddce022d800ee93a10db8f62bb32fbd36793bd27c64b5cfcec7f0c0bc4bc02fa2257bed3e0c0c

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html

xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

- Target
  
  catalog-2144681670.xls
- Size
  
  367KB
- MD5
  
  6e960dae73245ebca349f9c731b3c31d
- SHA1
  
  ba6eefa2b94aa93fc339a7a82387c98868c7dfd2
- SHA256
  
  909e36e5cb85d6175de3897595fef42d7f507179eaf7262a3b7056f08231e3bf
- SHA512
  
  19dcde2a7a0644aadf7067ab6bf66b1f08542ce564ae407d3f0101d4de2967b04d65a515fe3e2c78dac4665919243b836dcb42c04b6d9732444794600c11016f
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2