0e664c5d32244e8d023cd96b33bba38fbadc379cdff4fefe3b9a354c32ebb0e2 | Triage

Sharing

General

Target

catalog-1940891734.zip
Size

50KB
Sample

210513-bw8hyshr32
MD5

dd90ea72ce41faa650749323d8b968cd
SHA1

9a173e061d51bd002d06f90915da0936cbda3359
SHA256

0e664c5d32244e8d023cd96b33bba38fbadc379cdff4fefe3b9a354c32ebb0e2
SHA512

897be0698de7590f232858be7fa85724fbbf47e6e8fc5a9440c76aaf70b0a0a8375fef7ffc4d7dd6a075a7189ac7d4afd81af9af5d9df96667d7248e39c6283c

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html

xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

- Target
  
  catalog-1940891734.xls
- Size
  
  367KB
- MD5
  
  8ef992ac00c2e9ec59c68d3962f1507d
- SHA1
  
  d333340a56f823ce8247fd3d664ffbb72afddc4c
- SHA256
  
  be84ff071906f59547d969400a2b1fe78ed87cef8db306e1683fef779ef60cae
- SHA512
  
  4755868b4f32202a9ac9092d4f085f12c44f8b6f396d3f7f2d7e8f35c7688c98d02eaabe7bc36f3393a707159940768d3a48699909635ed79d5945205c9f7cd5
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2