General

  • Target

    catalog-1875328898.zip

  • Size

    50KB

  • Sample

    210513-g27e9gjbts

  • MD5

    ad065fcb945aa0a6ee20d2bc47723d3e

  • SHA1

    104492903fea6d31e924912a64ea28586145f328

  • SHA256

    3db6402276ed9dc3118ece61827a303bb7add6d3c685b3350aa685229cda69e1

  • SHA512

    d2629a0c26c9e5a75a3a87c8296057f2f52af4bf33c45131187f0d9ae8ab0a41c324ff0dd6e22550f8111b5cd1cb4ced86427c7f7570d643de21f49710bb01e1

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html

xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

    • Target

      catalog-1875328898.xls

    • Size

      367KB

    • MD5

      ccdeac7e3ea50174d9fa6b240087408b

    • SHA1

      d1920948a169ae48201f1ca7ec6b6d30581ef868

    • SHA256

      5a69cd39a36110f58cdebdad7e170e1b5c9d43ca48e96d96802acd74f35e5789

    • SHA512

      825ac7f7b7b1f638c7c81997b7be4e8a99d54c2483a47bca1b579289cedfd003d312ef4466fd5a1a34c36e8af7198025093375f1aa92a6c272c75d9042297a32

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
