e8fb165a38ff14baef711d1a6c7b32760657e5d63180912819de125a1db909fa | Triage

Sharing

General

Target

catalog-240736446.zip
Size

50KB
Sample

210513-chnwfdnfrs
MD5

3b30f5aeb0235061b061f442b1104d54
SHA1

9230bc8b95dc762a7db4b339c383a76b7f32f0fd
SHA256

e8fb165a38ff14baef711d1a6c7b32760657e5d63180912819de125a1db909fa
SHA512

fc71285f33b0f00bd65954bc8436490ee9a488198f788cb57caf3a2ed5c1dbc699e6531a98a04e0c9d07a2e0ee426daa72cc878463c4c9cb1fb9ee11ffde07c7

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html

xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

- Target
  
  catalog-240736446.xls
- Size
  
  367KB
- MD5
  
  268a42021d538ca7841b16a223bd1085
- SHA1
  
  c35468d38c3fff9f929899b861cca27c9e600f38
- SHA256
  
  8606800ed23efe827bb5e2895e47cb815b2c6d0d7e836aad7ca36e2bd839846b
- SHA512
  
  9ad81acdbbe480497cbced8932269c6cc98bd294e954aca9fee70da02ef2f8784cf61361bcc758581f8f08cc9b66fc032a186d097255ed2b49b90912173e2f90
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2