8e8dfd661d58de326537f08f352d06a8620e050b762abb7933e5d0ce168faf09 | Triage

Sharing

General

Target

catalog-2084377151.zip
Size

50KB
Sample

210513-dbff11n12x
MD5

7add7a3b9f640f1645a8fe0e97321f32
SHA1

aeadf23c9ab4d72e857621b4d7a6e164b0b459f7
SHA256

8e8dfd661d58de326537f08f352d06a8620e050b762abb7933e5d0ce168faf09
SHA512

6c03fac538b0a950ac41bc3ae6db54c3558c2601cff06f2bcef381e17e7b4ab4d6f35bd04e203734a8e8a2d220d71b2a4f933ce0c179cd13bcd71e4e41a70a9c

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html

xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

- Target
  
  catalog-2084377151.xls
- Size
  
  367KB
- MD5
  
  2d352058f8cbf4051e69f621fdae8230
- SHA1
  
  83c5531766840df31b6e16cf0a65b8f605d91f5a
- SHA256
  
  15225cdd778028cbe3a4bcf59fb0134c523f8a4b622e6433a7386be10f41ffeb
- SHA512
  
  d3c43b07247ffaeb34f36b6a84e32e0dac6779ac9e3a4cfcb57e36c5acd4ba164ab3496e725f9a37e75eae47c6d4ee57f1683030ac48b63908d7f987d50c671f
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2