2baeb3576e4f42f74968ae728732ab1cb30ffca36edfd70e32d537e22151810f | Triage

Sharing

General

Target

catalog-251600736.zip
Size

50KB
Sample

210513-8v1jzaelhe
MD5

c2fd800c921ec0f343050bc54024a202
SHA1

8e8e9cb4bc1b8acc171763e1056cc0138864bd35
SHA256

2baeb3576e4f42f74968ae728732ab1cb30ffca36edfd70e32d537e22151810f
SHA512

b3e88ca91c13cd1ef13bbcdb943cd18ad9c5e948650f7a9dabb4d7a70349dd3acfc2cb71b4da39b56ccaec52856162cb3c6cfd80b94987f60a77dacab213dfce

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html

xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

- Target
  
  catalog-251600736.xls
- Size
  
  367KB
- MD5
  
  28ff2bde282c2e93649cc6dd346d8b29
- SHA1
  
  194bd0ce6848ba4cf7a5d23379e7e6c6ca39386e
- SHA256
  
  c2cefcde2083a82c2532d7c33549fa855994f425f5a0387b0121e60c9ce02155
- SHA512
  
  2018f4823fa7eb4858db32d82884e1481822412fa6f3db36a8ba61d4048ca3bbfff3225a0d0482e77e85fec0bd2f9c02b41809364feea38c4152a1dab0ce0138
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2