953bc386abc5383ae88b789f3c1fde9671bf066221920792636bf69f129ae6ae | Triage

Sharing

General

Target

catalog-203745182.zip
Size

50KB
Sample

210513-fth4ef2v6x
MD5

ad942bcd2f6387262000a064353ebb2e
SHA1

9b5bcaf3ef1ccd0b4f1303a672cffa1ced36731e
SHA256

953bc386abc5383ae88b789f3c1fde9671bf066221920792636bf69f129ae6ae
SHA512

2f6f0fd6d40eb36707c1a4a97649293499ee621d9cf4369b63f8a88b22f58dea327420041aa2297af5b08de968a5d5db503147d2595497b83c9ecf2bf47e105d

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html

xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

- Target
  
  catalog-203745182.xls
- Size
  
  367KB
- MD5
  
  c1c547ac52184fb6c1e601065c7eaf1c
- SHA1
  
  e76ca501ef368a71ffb7ab89c6100a2c071fbac9
- SHA256
  
  e084781ccd76988b8b6d15381545731686b58036a20df462657dd4ab361a95c4
- SHA512
  
  efbd27076fb369d866750a0174b6a86abad36211eadfb8046a48e98ac251b3d09094fee047770e34324c26d77ec4dac4afccd4769b5ebc9f9d1263ba0962c05e
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2