General

  • Target: catalog-278022828.zip
  • Size: 50KB
  • Sample: 210513-gcppqne4rj
  • MD5: 01eedf61e615361134a2b3c54cb78928
  • SHA1: 71de2295f0f0f4ded2d438d670d4acd028ddc751
  • SHA256: 7b60c3d5e7027eaf4c6630d3bb44be2027d039425ab36aa833e3a3528f2dbfb5
  • SHA512: d1787ea41ec3cd403d61ed28a9add1127fbb095344a248e7d1f03c4536f06f85cc6ce30e9e259dbf177c564a4bba70cd3e6fe9abe9e64e50bc3e38e7bd1dbfb8

Score
10/10

Malware Config

Extracted

  • Language: xlm4.0
  • Source: xlm40.dropper
  • URLs:
    https://smartpalakatva.com/edQsUZOLlE/th.html (xlm40.dropper)
    https://pilstlcommodities.com/Ov4FlB3lpy/th.html (xlm40.dropper)

Targets

    • Target: catalog-278022828.xls
    • Size: 367KB
    • MD5: dbe134fbf21ba0ff980a111f85dc731b
    • SHA1: 2c9ad12cb5b1e8e03fffcf50011fb8e413e43004
    • SHA256: a9e5c916f174d397944ee04ff75f36b4b2b9a1f945401d20bf72c85515f769cd
    • SHA512: b96e57caa9408104e54ed65a353adabdedf8258ce58e9d7a4dbdf796cea649a280c53b4fba569f8f757cfa50e8cbf0db1fd9ffd618672e92ffb1e8d4f2f6e9dd

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion
    Modify Registry (T1112): 1
  • Discovery
    Query Registry (T1012): 2
    System Information Discovery (T1082): 2

Tasks