a4cf3f99be53cba41321f9f51169f48f43ada0a2cc08c89f6f92b5b07218c5e2 | Triage

Sharing

General

Target

catalog-1974012548.zip
Size

50KB
Sample

210513-ca1ez5868a
MD5

ad9574c52fb6ff021b1f11c7305a659b
SHA1

409364edfce309a2fe920edb4255d0d138017b6d
SHA256

a4cf3f99be53cba41321f9f51169f48f43ada0a2cc08c89f6f92b5b07218c5e2
SHA512

1c2133a2c69f4debe7922944e43e0247afb893d855d50c9bf3540aae3f0bcfbfbc66603331e8b973d18f67b8142e2eeba165730f62ae3f494a125d5d0eda8272

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html

xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

- Target
  
  catalog-1974012548.xls
- Size
  
  367KB
- MD5
  
  f4cfdf8031d98897354017d762c35f02
- SHA1
  
  8abc3b0303fdd554b1e7b8c8a07308f15bc548fe
- SHA256
  
  fabc1bb20bfac0798fe7895bf6b2da5998501eacce303bc1c6ec82bf9d1b56f6
- SHA512
  
  aa573abe426225dc2cc88e5ebf9a2b2f48c937f283874dada0360813def162846870dda65337c417ee1c82e3adb368709bb5c140fbe5fca8e2ce43f024bf65bf
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2