General

  • Target

    catalog-2080064519.zip

  • Size

    50KB

  • Sample

    210513-acqzglwqhn

  • MD5

    4b3f840443f10b316797390ac7fb6dd4

  • SHA1

    fbf765cf5476f45ae55e532dbb4d33b5008c51ea

  • SHA256

    1250c05520d45f775c7ca6301db3181c40db77a800ba82c6bac659740ee6122b

  • SHA512

    1b4175b1cc1fbb3c2378fac33ffd127d288b6849bb8bcd850f3cdf753242b654889e2734de87d83a12bdebd35d9f66859205e56e4dcad54f28738a5cbf6b9ee4

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    URLs

  • xlm40.dropper

    https://smartpalakatva.com/edQsUZOLlE/th.html

  • xlm40.dropper

    https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

    • Target

      catalog-2080064519.xls

    • Size

      367KB

    • MD5

      9dfabbf6638dd1532e5041e6e37bc900

    • SHA1

      b959cc30028b9a0c4a1b5d60b865ed0801bd6c80

    • SHA256

      778d9e7a4e6dbe6a82fe73e02ea0d5c54ddb5881929f19a2e832b57b4c6634eb

    • SHA512

      ce7f420b7c930b467f20940e96cdcae590e62db84d8b1948cd29589f4667780ae6d543f40ba0f1b33dc40f31c36f9e59d6e8e8447ab2ec04033d82076356667a

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2

Tasks