General

  • Target: catalog-2106987967.zip
  • Size: 50KB
  • Sample: 210513-8waywb8e8s
  • MD5: 0e79c8e04fddcae5765ae77081b37248
  • SHA1: a3290abc1dae817a9852a1332615e64e93d40ac5
  • SHA256: 91e83311bfbc9bf1d667087a2773f80c46e5fd5c36b83315f7401f90e82d6d4a
  • SHA512: 7c8acf80ed23009b6714cc7cd4127ce318c39f237a9c2f9eaaf7f8e70ebdaa1ba43e886d87ed1dc31bb2a5f1522b630ec7fd4821dbd6a38b6392994f9452e0a3

Score
10/10

Malware Config

Extracted

  Language: xlm4.0
  Source: xlm40.dropper  URL: https://smartpalakatva.com/edQsUZOLlE/th.html
  Source: xlm40.dropper  URL: https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

    • Target: catalog-2106987967.xls
    • Size: 367KB
    • MD5: da6fcc74b5353a2e865b1effbfe2ff6d
    • SHA1: 166c15b9f39c99aaa1203440e6e3beccd86cf2d8
    • SHA256: 50191bc455248553b3122cc7d3fbae170be31628d466786b60839a674e3c2e3d
    • SHA512: 3827d5db48f0ad6c96b27108c118fb29cd0b5b4ab2abc5ed896f90aa83326c0b8f95e40e6eeb3e6e0a505d3b7b8efbd09f06bdc611dfa72c37e803a679af3c81

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion
  Modify Registry (T1112): 1

Discovery
  Query Registry (T1012): 2
  System Information Discovery (T1082): 2

Tasks