General

  • Target

    catalog-296152941.zip

  • Size

    50KB

  • Sample

    210513-7x2gmscmjn

  • MD5

    8015220371b8566e7cfb5799f8bc6423

  • SHA1

    957ec1977680e6d33e197b34cff842b184f6b7d0

  • SHA256

    18e282a237c2dc56bd1a0235f8c0d91d8d6e0983b02dfe8511e6a0a685cf6b15

  • SHA512

    981da5d3211f64ed625b24107660585653ff7c1275cbb75a393cc8a78abd95c5e58fe451d53f016989671db0a8be28ba840f90107c21c06eacfb58e277ed706f

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

  • URLs

    xlm40.dropper

    https://smartpalakatva.com/edQsUZOLlE/th.html

    xlm40.dropper

    https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

    • Target

      catalog-296152941.xls

    • Size

      367KB

    • MD5

      96caaf2b50d605d6a92c66bde1b79272

    • SHA1

      9e5fc10defb95343518a61bd345968cc4a2592b1

    • SHA256

      4a74f2d4eebf9fa47569ca731eb3aec4996628e3d3e0e3de05857dd742e7da77

    • SHA512

      de85398331998a1c32a45ec66683b3e16cda8e555567906022643e74dbb5419e895c4f3798f38cdeb1549fd1fd87c63e437c07166d10460135bade158388f82c

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
