General

  • Target

    catalog-1938001011.zip

  • Size

    50KB

  • Sample

    210513-ez6xa28t7n

  • MD5

    dc43ea411e93cf205c7cb47d338781f3

  • SHA1

    c32219cdf36b6a7290d976fc8710e754d6d9bb24

  • SHA256

    8a6b9ee6b5d22414561c7ab7b0bac1eba87ba0fa5db20e1307745b7eda108496

  • SHA512

    bc022e9088e6bc4fed758b7e46988b9832fd91f6ceb2c7eddc3d081991cd149585e1aa84a868e829ff3875c982d691f9b8d80e22eb62f71b883f25e0c6d3d771

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html

xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

    • Target

      catalog-1938001011.xls

    • Size

      367KB

    • MD5

      e893aabac2d600115e61ed4ea7e2c430

    • SHA1

      24b9c81384817edef89b0573748da16328f48485

    • SHA256

      94896e0016e807acd5169900de96eba870a69e15d4134bf91bae592e31b262ea

    • SHA512

      29f900e09b811e31e765b4c7a1daff21d10e87d18cfe756be77f2e1664615a60e10012ce66f84ca2541a3b4d7cdb5621cd931247ca864331320a9adcffd88ae4

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
