6f0b821c187d2613139f9b7b96828e436fd2278091dc1e7173f0c5a955b06110 | Triage

Sharing

General

Target

catalog-2079036411.zip
Size

50KB
Sample

210513-b56ta1ddf6
MD5

9e569ec35fb39f50dc77d2b5ceafde52
SHA1

6d7e46b18cda525a68b2183a45dc6f59799fafdc
SHA256

6f0b821c187d2613139f9b7b96828e436fd2278091dc1e7173f0c5a955b06110
SHA512

e575efd1b995bee178457c1e45c176c09c277d07911c612deb1df0bed75b44c5ccfce58ed8bb395b8c7a1cc23da43ec3c9042d786ff43a4428fc6af3e7ed0702

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html

xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

- Target
  
  catalog-2079036411.xls
- Size
  
  367KB
- MD5
  
  2e20f15233d0243d2c9f6aab8cc1eefa
- SHA1
  
  2105414687e81930b9c6cc76cdb471ac50c6053e
- SHA256
  
  59f5b98be9bc536ddcd9823de632f479f2007867794bc6b9b8b88dec74a43e86
- SHA512
  
  e1e10d5c244b517b393fb5397a1b4f255a3bed6a9368eab798e2f0358e8b6e1b29fada43b4e7076c01d8462dadaee4988d16efcacf295bfb73624dc37c4a1eea
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2