aae537fa2b29733e866bd892c23d25934da3ae0cf4508b90525110b0ca2d407e | Triage

Sharing

General

Target

catalog-1961381841.zip
Size

50KB
Sample

210513-89pr62fada
MD5

7ceb10f4d541dafc67288b01d9397165
SHA1

48595e33f48dcb085712f053826688eb5fa7b192
SHA256

aae537fa2b29733e866bd892c23d25934da3ae0cf4508b90525110b0ca2d407e
SHA512

521e47190e3822c8a101210fcb22d9d0b4ca4da4e072b8b60db0fc7dc14e560eae30435c4f60acc5a660ac727ae44f61355ffaa933953e82ba96975ad0266b7e

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html

xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

- Target
  
  catalog-1961381841.xls
- Size
  
  367KB
- MD5
  
  184c75f59bde31cb026a36f5ab8bf268
- SHA1
  
  7e36273bfaa88362eff206f11ad1cf5e7537cd4f
- SHA256
  
  2a3c415258d438ef57d84f084f38bd2f46402aa1bc1c048c4a68c537457ca948
- SHA512
  
  eca4f1fb2c371aa5f05ccc722c582657384033f48e5822c86cc3468f84c789ee18a5c6882dc36672208319e00056600bd85e5e2e1db55d4965ca5e83029ca121
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2