54b074a6de3405d1cebf4b2b2f566c50ecb5f2858b4ddbdf0ef7658239b157c9 | Triage

Sharing

General

Target

catalog-2000871263.zip
Size

50KB
Sample

210513-c9xpake6ax
MD5

911ed1429531834a0c4592293c952beb
SHA1

7819f1d5d615d0ca27b9cc868bd03085f5315c4f
SHA256

54b074a6de3405d1cebf4b2b2f566c50ecb5f2858b4ddbdf0ef7658239b157c9
SHA512

9297a334cbd4288c7c9bf61cdec849ca11c181a50db26597b8cdc97f86ac0e241ff6ca53970817da9d6f3e24d67e600e946aaf53ab955fbe193d42514b08bb2a

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html

xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

- Target
  
  catalog-2000871263.xls
- Size
  
  367KB
- MD5
  
  24fc3c880d10eb1df2b31a5e312a56ca
- SHA1
  
  a000cd120bc081c5241ff1ae6a60e64bbc8c2bb1
- SHA256
  
  5db1edf69cb4b784f2f817d2acb77289415ee36bd03334507d10fe5145496673
- SHA512
  
  575a140e85cad11d0a606ebc69111ce3d22af505afe5d8d86793eda012856658d443e0ec3f7baf692fd1cd5e2c2bc3abc987aec7ba29df36b76e69c715e41eaa
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2