Overview

overview

10

Static

static

catalog-20...22.xls

windows7_x64

10

catalog-20...22.xls

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    catalog-2002069022.zip

  • Size

    50KB

  • Sample

    210513-de4wh4ys4s

  • MD5

    5ced5a9b1ea1fba8fe620874622af557

  • SHA1

    14485ee8bf95b91caa6c9082fdd75ebf637a4966

  • SHA256

    2bea5641e716e91b2d158a476513001851456c57b855204397f7cac85e834251

  • SHA512

    48ba3ac2d4ad8fb14c7509012e82115dcb2a3b5990e5a07e8601b8f051877bc23dfa7c53bf88cffaf6c9666e7245af5ff12756f477e3a30f3f6e95b4c1516214

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html
xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

    • Target

      catalog-2002069022.xls

    • Size

      367KB

    • MD5

      8067b47ed46d73edffb43a227bfe6505

    • SHA1

      9970f06b1f7a870143260f37f73ba165caa1ee9f

    • SHA256

      290eb3b5b1c07d56e466212d7078f2e858edfb85bddb72891e841a5e6d8acbb2

    • SHA512

      7ceb35763cb35fdfed083daceef3a7bb474112b6f2c7e8031f50c50e18e46d6fc472cf288198ef50a5e9610f4e9b4bc8831584129a56cb5e2495b24a496ca2d3

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks