Overview

overview

10

Static

static

catalog-20...78.xls

windows7_x64

10

catalog-20...78.xls

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    catalog-2020881978.zip

  • Size

    50KB

  • Sample

    210513-8em8fbxcm2

  • MD5

    82e4573ab0b66cba903ba02a595ad819

  • SHA1

    85bc99bca7127fd6f92a271e9c39521475973544

  • SHA256

    79c710035d6c84916c7a6bd307e46e7ffe83c45fa5528742382163cc820f069c

  • SHA512

    e677c23441380fdad473f32e093cf10acd3fdc98b33911978de6031d1e588dc59a456914301cc62d454e248840a19662de3c4141cd35028c823e344232168084

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html
xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

    • Target

      catalog-2020881978.xls

    • Size

      367KB

    • MD5

      5a2568db8e7c6a6ca1d5fa3fa0551fbd

    • SHA1

      407b216f063b697c7e7a11a0bdff3aee0db9a4c2

    • SHA256

      959bf91990f85486ed20a9107aa06a661d11e4acebfebca1aa1e50f96f3b446b

    • SHA512

      57479d7287bf0252c24287c6c4526439618a4aaefcf57f380c3f5826f3c1bb224d8fed6ab07153e0bea8e68f4a6207a7dbd4e2be9b56551cb4e7466aa21cf3db

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks