Overview

overview

10

Static

static

catalog-20...51.xls

windows7_x64

10

catalog-20...51.xls

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    catalog-2000415751.zip

  • Size

    50KB

  • Sample

    210513-e6ff2wd4ha

  • MD5

    e26eeff0d04d97ca383aa9b923c56682

  • SHA1

    c572e9673ed95a863fd9e28e7a6fe5dcf10523bc

  • SHA256

    9da89b3ccaddc54aee4e70afeecf02900666fb930b404999c91e9e2ad96586df

  • SHA512

    aa5e10e49dabacb7e1e36a93aa72fa0a0891eef4f9c713d3e53ea99464501b1c25bc49ab3beed31258c695ee2939b6e9789f10b185d46540459f3cafbffd3c93

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html
xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

    • Target

      catalog-2000415751.xls

    • Size

      367KB

    • MD5

      4b814c69cf6d994300b87271bc1ee91f

    • SHA1

      b01bce93377816a30f52f607fa0132f08bc95fd6

    • SHA256

      14f9ac0c6073b33f3798882e8512672bc457c0ad87e47d8bb9f6a04e8d878ab5

    • SHA512

      eba72e087980c3236f05452aa98607aed2afdacf145778f7b9e63c9ed980d9fbcc470e71f26c3064e183de0e53185c9ed5ba203a495a6ba0aa517d9989cdf686

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks