65bed6345988384a572ab7c53ce64bf0efd527884666a273506b7c06e564e834 | Triage

Sharing

General

Target

catalog-2082234753.zip
Size

50KB
Sample

210513-a2af56pzjj
MD5

d57d5ab78a97c36a21c4e5634e0d8c24
SHA1

9c808eb9de88ec3bb326a524f6aaddd8274f9a41
SHA256

65bed6345988384a572ab7c53ce64bf0efd527884666a273506b7c06e564e834
SHA512

a455efc7e65d27fa2f435d4a4c1e21f0ac96232501163367210ac4d950da6ac65aa11fb3803d96bdc164ea282f6aab956b0d64841529d11563499029bc429555

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html

xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

- Target
  
  catalog-2082234753.xls
- Size
  
  367KB
- MD5
  
  377979b8ec401411aff27b271837a30c
- SHA1
  
  19da1a5260761083698055a6151dc9af8463c25f
- SHA256
  
  9f19557269565477a97fb8095c3449c3e9b61bf75a8ea5f67a445dab68854392
- SHA512
  
  7f890705b6cdad0e9ef5dfe3df06d4ca78de2f48c35efa7607926c93dc60bf8563b4a94e1836276bc76ad77bffee85a7eddd26579c9404510d056b1855dbfa0c
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2