79c710035d6c84916c7a6bd307e46e7ffe83c45fa5528742382163cc820f069c | Triage

Sharing

General

Target

catalog-2020881978.zip
Size

50KB
Sample

210513-8em8fbxcm2
MD5

82e4573ab0b66cba903ba02a595ad819
SHA1

85bc99bca7127fd6f92a271e9c39521475973544
SHA256

79c710035d6c84916c7a6bd307e46e7ffe83c45fa5528742382163cc820f069c
SHA512

e677c23441380fdad473f32e093cf10acd3fdc98b33911978de6031d1e588dc59a456914301cc62d454e248840a19662de3c4141cd35028c823e344232168084

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html

xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

- Target
  
  catalog-2020881978.xls
- Size
  
  367KB
- MD5
  
  5a2568db8e7c6a6ca1d5fa3fa0551fbd
- SHA1
  
  407b216f063b697c7e7a11a0bdff3aee0db9a4c2
- SHA256
  
  959bf91990f85486ed20a9107aa06a661d11e4acebfebca1aa1e50f96f3b446b
- SHA512
  
  57479d7287bf0252c24287c6c4526439618a4aaefcf57f380c3f5826f3c1bb224d8fed6ab07153e0bea8e68f4a6207a7dbd4e2be9b56551cb4e7466aa21cf3db
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2