Overview

overview

10

Static

static

catalog-20...53.xls

windows7_x64

10

catalog-20...53.xls

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    catalog-2082234753.zip

  • Size

    50KB

  • Sample

    210513-a2af56pzjj

  • MD5

    d57d5ab78a97c36a21c4e5634e0d8c24

  • SHA1

    9c808eb9de88ec3bb326a524f6aaddd8274f9a41

  • SHA256

    65bed6345988384a572ab7c53ce64bf0efd527884666a273506b7c06e564e834

  • SHA512

    a455efc7e65d27fa2f435d4a4c1e21f0ac96232501163367210ac4d950da6ac65aa11fb3803d96bdc164ea282f6aab956b0d64841529d11563499029bc429555

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html
xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

    • Target

      catalog-2082234753.xls

    • Size

      367KB

    • MD5

      377979b8ec401411aff27b271837a30c

    • SHA1

      19da1a5260761083698055a6151dc9af8463c25f

    • SHA256

      9f19557269565477a97fb8095c3449c3e9b61bf75a8ea5f67a445dab68854392

    • SHA512

      7f890705b6cdad0e9ef5dfe3df06d4ca78de2f48c35efa7607926c93dc60bf8563b4a94e1836276bc76ad77bffee85a7eddd26579c9404510d056b1855dbfa0c

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks