7d0f6fae31f17dc553e9294f38fe659c5baee2abfa6fa4a7847910b6bdbcc73c | Triage

Sharing

General

Target

catalog-293505934.zip
Size

50KB
Sample

210513-csvjs56j6j
MD5

6be28665bf58c3cf02fd0e693863431f
SHA1

b43b1c204504e483be70a5174e27e1628d1c40e9
SHA256

7d0f6fae31f17dc553e9294f38fe659c5baee2abfa6fa4a7847910b6bdbcc73c
SHA512

a0a51e36341e6cbd92cd2ea203276da2acae75cfae3bd82c14aba88c5d75c69ae67e65cf4c0f315d1274787d903b3a738130ac0d4f306aa00469b598dfdf2690

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html

xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

- Target
  
  catalog-293505934.xls
- Size
  
  367KB
- MD5
  
  e418c30b1b736f8fe0f9954249c1e5a4
- SHA1
  
  ed03a46c59c55b707da90c44dd7e3317a08e75c9
- SHA256
  
  0701f832c3c572f16115a99fb7d401b019e0433012ee629aa9e7f49f8bc54760
- SHA512
  
  e2117b672e8cd46b9aa9abb5df123ca8350442d14bc1aa6354ba1ebfe953bfe37824fbdea3bbab4dee31161630c485989160c8deff68a107ac03cf51d2ddfc8a
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2