General

  • Target

    catalog-2115956.zip

  • Size

    50KB

  • Sample

    210513-f1vscm1w7a

  • MD5

    4724367e7d543f354551bad91d3ee329

  • SHA1

    3db13f72ab8d2a6ae02faa696c0c452e4415b336

  • SHA256

    4009d7853c5f1bd33ba2331ebf959d100d5bf0fe123aeeebef8a161f7dc01f84

  • SHA512

    d5abb3cd119219336d3e7717a03174f65adc95a060bf7845eb33d8526f008121ceecd33e73c55f982c90924332af035e5056df3a0dfd19e1301380c1d42e29a6

Score
10/10

Malware Config

Extracted

Language: xlm4.0

Source: xlm40.dropper
URLs: https://smartpalakatva.com/edQsUZOLlE/th.html

Source: xlm40.dropper
URLs: https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

    • Target

      catalog-2115956.xls

    • Size

      367KB

    • MD5

      a67ef3eb41d7e82f2329bd288d0281b0

    • SHA1

      1b221c7343e2d1407d2e8d8ca723e47614d8055d

    • SHA256

      c8af2ff1a070715d15cbccc5419f782e0dba914a0b4ec23464885e82a0f71461

    • SHA512

      5f150cafe235a356b3f8be78da7b9ad615c3e1f7627ab0af2b4ea46715bd5505c12e3fc6afca5ad9f1110cc9492a3db660c01691a6a87a4c2faebccb483009dd

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

  • Modify Registry: T1112 (1)

Discovery

  • Query Registry: T1012 (2)

  • System Information Discovery: T1082 (2)

Tasks