General

  • Target

    catalog-1991842465.zip

  • Size

    50KB

  • Sample

    210513-9sd14xblfa

  • MD5

    67977cbf76e3492ff36d185801dab73f

  • SHA1

    1a5c8f4f4f4b9f7f2c493b99647c595cd70466df

  • SHA256

    b14d9418b6cb47b3ab9a4229a3744aa0a7d4b43a51cf82a3662d6fb8f343adf6

  • SHA512

    91a47e667dc57eb327ccc5548e9e65259b15b93b5e33708c02bba905b01e2afd5ff35b2c211e4abf31a1730e826609a3086c656baed77e00820e8aef572530bf

Score
10/10

Malware Config

Extracted

    Language: xlm4.0

    Source          URL
    xlm40.dropper   https://smartpalakatva.com/edQsUZOLlE/th.html
    xlm40.dropper   https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

    • Target

      catalog-1991842465.xls

    • Size

      367KB

    • MD5

      72759ddc7fbcb48f6ef2f44f42672d1a

    • SHA1

      38a1e787b4462c596b29db51a0ff6e7ac96178d3

    • SHA256

      f6adcf3e81309cade19daea5b1264bd7c230c72016314bc4cd5d49a1b04e2ff6

    • SHA512

      e707d19cd662087641c5c9faa2170386cb651c71fcd2a8399be496d420fe2478a9d52348a82ed9e365a2e4789bd394a84eb2f3fe95a030d72c1e833787cedec1

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

    Tactic            Technique                       #   ID
    Defense Evasion   Modify Registry                 1   T1112
    Discovery         Query Registry                  2   T1012
    Discovery         System Information Discovery    2   T1082

Tasks