8ef58d81eb54cbbb4a79a4d85f74e462b975bcfd3bb80f7040a38f5899a3c5b8 | Triage

Sharing

General

Target

catalog-263199365.zip
Size

50KB
Sample

210513-9n1mf5w3va
MD5

1f8d0640d336e8ee616fcaba1058dadb
SHA1

57440f684c0d6a9f384b093daa488a284c8acdb1
SHA256

8ef58d81eb54cbbb4a79a4d85f74e462b975bcfd3bb80f7040a38f5899a3c5b8
SHA512

92084d5ddf0fbba40cff595840a9b5b05439ecaa55d65bfd7d233744b31c1cd8c3a22b57931f24a7ee60849f79ce2e2d35355260c97fafa15513983472347904

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html

xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

- Target
  
  catalog-263199365.xls
- Size
  
  367KB
- MD5
  
  e4c3d22d87075c1935817d78ec583cd0
- SHA1
  
  23bc94177ffe205d6cee2b8efb88296485bb5919
- SHA256
  
  1d91a011f2596c3bdb018304f7a0a7c6106f4763a3a7d1f3848f379ff69b88f0
- SHA512
  
  229227a3032dd12945f38d7c3a0951b3cd0e0fe4178c33cbbcefa05b9c9c68dd80ee321d04fd67cc4e4e696df4e8041800feaf023a551801f2a5405d0d2a5018
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2