General

  • Target

    catalog-1957695393.zip

  • Size

    50KB

  • Sample

    210513-dme6kjsq2n

  • MD5

    3483be23c1df89d8cce021d35c4e195f

  • SHA1

    790edad2f77daba0345fc02b037d5a93712bcff6

  • SHA256

    ce4542d7e0a84fa4a3c61a4cc50958b16cad995378bd9590b4959fcf66c12071

  • SHA512

    fcae62165f52c7f6e758603813a6ede1cf9a2caadebfec6456da744f492931c094f9968dade103d28890d2c8ee1f131ddedb3083b211a8ff6291dbb346c47d71

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html

xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

    • Target

      catalog-1957695393.xls

    • Size

      367KB

    • MD5

      e9f642fcb45f5dc739ede683b7eec9b4

    • SHA1

      aa66169be6707608086937a96d383b135354d433

    • SHA256

      36f6b05daf1586a33ebea9ef3774e10b6cf7e6e9233d56ba176f72fa22104a81

    • SHA512

      49e55a5e675057cd38499f84fc87d62cf56f3c481181b03fc8b6f95110a6cc9ea3a38e6f6fd693427b7487ec723b029dda714f9ea6d10ab6166ace4fa271d134

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
