7803274b6d54bf9480658b6b30eeb942fb16f89180dada3212848061a6e05db4 | Triage

Sharing

General

Target

catalog-2093175890.zip
Size

50KB
Sample

210513-dq7knlc2an
MD5

f37578dc9317123488a2b56a511ed422
SHA1

894e237d02daeede4c6b6d8a5c0e444be681c3a1
SHA256

7803274b6d54bf9480658b6b30eeb942fb16f89180dada3212848061a6e05db4
SHA512

69432921635bde790a4943e9712d0404d64763da3a7e0e00c16d26f479d8633cf31bf24b46ddf937f0265e28046e896044d605c1f5583b60cc175453f76efe28

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html

xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

- Target
  
  catalog-2093175890.xls
- Size
  
  367KB
- MD5
  
  f481ecbfbeb3c2db16108552ade76f79
- SHA1
  
  e1f1ad6fb4baca97372dcf1409aa516f93643660
- SHA256
  
  061be9a795e736facf259048ab92794550243d1a30d354d0ae0110adad414451
- SHA512
  
  833e16745493f0c503e717b504024c2712788fcfbe629ac6e8be4a988eec628479f2f7c82a13a51b5ff8be47779b9f3d47d8602578e7295d311af259ac7d7326
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2