General

  • Target

    catalog-1964910546.zip

  • Size

    50KB

  • Sample

    210513-h2lv3bajva

  • MD5

    8e8ffcc966adaab1b63226f4b5c82c2a

  • SHA1

    80375e20b4748e0eef0a69eaa40ba5fd6fd44326

  • SHA256

    ec171b75af63ea52f84db80fbecab1444291731cfdb2a996f91dd120fb7e93a4

  • SHA512

    23552582ecbb0fd2611a90167dbd0a5ab19b0518f8b02a6392b6c031e35dadd916c409dd5f7e01a8e9614be1bf20dc1ac2e44b3855b17031292856c55b2f3fac

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source: xlm40.dropper

    URLs:

    https://smartpalakatva.com/edQsUZOLlE/th.html
    https://pilstlcommodities.com/Ov4FlB3lpy/th.html

Targets

    • Target

      catalog-1964910546.xls

    • Size

      367KB

    • MD5

      63186ef7d86ae1aeba36979bc857435a

    • SHA1

      ebe3601b4880964ca69439a708f8778c0905e1bf

    • SHA256

      0c5dd93384b5274f95c10a857b49d8d595e1f1b8ce7ed59b18027b7d29471814

    • SHA512

      12ed95aab677a2f486ff91a07c975392ff09da6925c8e94b82a3605f39a5bd2ff70e10f365a73ed7eddd7fc867319b598b1dfd786f6576ee473890ad09b653b7

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2
    System Information Discovery (T1082): 2
