General

  • Target

    catalog-1970035851.zip

  • Size

    50KB

  • Sample

    210513-fsgnbeebms

  • MD5

    06195e6171d46e37abbf8556b02e412d

  • SHA1

    712574c050fda79b3ae9b573ad5d6762b2ded1c0

  • SHA256

    4774e1d27fe7f316778ee52fef42613aed1bd5067b356c83e7ec89bf1b953dba

  • SHA512

    71667fc327a606ef88749780ea0655f52f1062ad3f6a043f387712ae4926d07af0cb40cb3e61d8ff66a0a7b303f72bc2cacfbfc2c6dede33b551f9aef2155015

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html

xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

    • Target

      catalog-1970035851.xls

    • Size

      367KB

    • MD5

      2596aee4f556f411d4454dd01e0747ed

    • SHA1

      c10a63ec740fb82977d44196e5a28d41e56d483c

    • SHA256

      3800722117bcd77d739f707fc2122824354caae472011882ef2c3b784e64db20

    • SHA512

      7dcf6049e17b9c53ad1c4e91e7221df1f63888af0c56750a06f852a9940866a220f9fd3a532016a5fbf6f64fe02915154997fd69491cd79080e02615102c59a0

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v6
