General

  • Target

    catalog-249327946.zip

  • Size

    50KB

  • Sample

    210513-9svwq5hazj

  • MD5

    9fb95771c9a373a4afc46892b4d649c3

  • SHA1

    5be4ae213466a82c9039a2d8ee9186f1fd37f3e5

  • SHA256

    b2299ee96c552620067aa225f0016f141630f61eeb1aca990600f24516ae6fd7

  • SHA512

    a30d327d939de3e1e68599b4c6de084b236c8b585b19cc8b9586757eb61d7c88be19641cba02db9f35a6b8f84b8036335c90529016b0b9b1fc8c4a05ddf468ca

Score: 10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    https://smartpalakatva.com/edQsUZOLlE/th.html

    https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

    • Target

      catalog-249327946.xls

    • Size

      367KB

    • MD5

      cf13acea71d8bd3d9472b0b975b56e4c

    • SHA1

      7e9c1effb17015005dd53085fada6a98ae816da6

    • SHA256

      fba379ecde6d8d1df67a752b8a8cd2ee9dce53ef5857bfa6a87282fb9d1bf864

    • SHA512

      04e3d95342a7540f75fb019e5eb016a258a4b05210196781e5d7ab7f6ba52ceb416f0b9ac0352477f79ee59284ce06da2d0d2f16e73b35a0129e0a68fc425955

    Score: 10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic             Technique                      Count   ID
  Defense Evasion    Modify Registry                1       T1112
  Discovery          Query Registry                 2       T1012
  Discovery          System Information Discovery   2       T1082

Tasks