7fad526a8864c326085805f6293913bc8691c1b003bd8268efcbd14d33b82dac | Triage

Sharing

General

Target

catalog-1958608881.zip
Size

50KB
Sample

210513-emkbz2p726
MD5

d2c1d9b087ff25413f42d871228549ba
SHA1

c326676a7bd269bd4fe39150a089d160cd8fd6cb
SHA256

7fad526a8864c326085805f6293913bc8691c1b003bd8268efcbd14d33b82dac
SHA512

a3a336723bd4eef00371cf129b3723b6a3a279d7211f870223b1e21de976eee470666c00de4994b2a587bf444fb583c686b9deaa16b04866da7250de58a2a29c

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html

xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

- Target
  
  catalog-1958608881.xls
- Size
  
  367KB
- MD5
  
  03d37ebbca2a3a54cb9090ec589f219c
- SHA1
  
  c56c1a308ed169dbb59843476c41ee225e4d777d
- SHA256
  
  e4abb30a2e9d2ac2556650ff6f56198fbe1eabb02c65f80b2e6679fe342772f9
- SHA512
  
  07fef9421d2c5d0991e520b2e1c67045bd55612e8a29149fcc5c3bf7093413fab24138eb390908592d1cf41483c9d0dc030037363b3ad394567d9eeaee5a5823
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2