f7fa58c11784ab508a84397aeafc7f21b98a9b4f1db8afcca66ec8ad8811e889 | Triage

Sharing

General

Target

catalog-2055527889.zip
Size

50KB
Sample

210513-gk33f54wha
MD5

84b870802e1a62169c356375e6f3118b
SHA1

194732a2482618067cb5608422c605289bed1c45
SHA256

f7fa58c11784ab508a84397aeafc7f21b98a9b4f1db8afcca66ec8ad8811e889
SHA512

666c2a537f856cea48cebc6012b414900efd3ea1e20afb8b81c37e0fd36f3329608a10b1998a19866903b583dde5f04a08fd64c7749fe28f77e9e6d8abf27fcc

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://smartpalakatva.com/edQsUZOLlE/th.html

xlm40.dropper

https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

- Target
  
  catalog-2055527889.xls
- Size
  
  367KB
- MD5
  
  2595ea4efc2c89f98d2a4d6c7a904a99
- SHA1
  
  36605f79c7e4b2428b877aad7a3395b7f72d95ff
- SHA256
  
  b8af0b781b0df7b72615a92a0d3c58a0ce76608cabb6b6e511bbe40f7e018ad7
- SHA512
  
  8405a5abb63714e8a3812cb65efabd6fc819626e84969857627fca508ffc8247e6018ef464f827be16482728c8885c42d36f234d227501608af36c5f4ec1c57b
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2