Overview

overview

10

Static

static

catalog-19...45.xls

windows7_x64

10

catalog-19...45.xls

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    catalog-1980252445.zip

  • Size

    50KB

  • Sample

    210513-c5c6d73d2e

  • MD5

    fe089b3e12420ae6d1e942eb103dcdcc

  • SHA1

    36ce199fd2ef1b1b7b3143e3df9ef82755655663

  • SHA256

    a31a9d90292324e0d7f8abc9defcece8598ab54eae8b6462dd7d4fa6c881f13c

  • SHA512

    44ff7020f4fb6abaf5d9cc763853f0498d30367a2feb2efcdc0c7511cf6ec8ad9ee79cb3955b7518b1445610718f7a50410b9694d7009a227bedb1d26adc448d

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html
xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

    • Target

      catalog-1980252445.xls

    • Size

      367KB

    • MD5

      837a78a9c6c126b35da1838f4723dcbc

    • SHA1

      56503c1420324d7952461680bcfddec4582dd9b0

    • SHA256

      35b8fb6028d94bc98e474263f0dd5535b81b81bcdf9d37bfb1e653f57e3830b4

    • SHA512

      7f4bd971677852d31f93b8718bb8a2ec0e448a8ee7aadadc300af74896abab5c15d96f979b26e85bd5d66c78cf2d2121de9da25bfb2944f96a977af2671f2b47

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks